Fortinet nse7-sdw-7-2 practice test

Which statement about using BGP for ADVPN is true?

• A. IBGP is preferred over EBGP, because IBGP preserves next hop information.
• B. You must configure AS path prepending.
• C. You must configure BGP communities.
• D. You must use BGP to route traffic for both overlay and underlay links.

Refer to the exhibit.

The exhibit shows output of the command diagnose sys sdwan service collected on a FortiGate device.
The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HQ servers 10.0.0.1.
Based on the exhibits, which two statements are correct? (Choose two.)

• A. There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1.
• B. FortiGate steers traffic to HQ servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected.
• C. When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.
• D. FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

• A. You can move port1 from the underlay zone to the overlay zone.
• B. You can delete the virtual-wan-link zone because it contains no member.
• C. The corporate zone contains no member.
• D. The overlay zone contains four members.

Which statement is correct about SD-WAN and ADVPN?

• A. SD-WAN can steer traffic to ADVPN shortcuts only for rules defined with strategy manual or best quality.
• B. SD-WAN does not monitor the health and performance of ADVPN shortcuts.
• C. SD-WAN cannot steer traffic to ADVPN shortcuts established over IPSec overlays if the zone contains physical interfaces.
• D. SD-WAN can steer traffic to ADVPN shortcuts established over IPsec overlays configured as SD-WAN members.

Which are three key routing principles in SD-WAN? (Choose three.)

• A. By default. SD-WAN members are skipped if they do not have a valid route to the destination.
• B. By default. SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
• C. FortiGate performs route lookups for new sessions only.
• D. SD-WAN rules have precedence over ISDB routes.
• E. Regular policy routes have precedence over SD-WAN rules.

Refer to the exhibit.



Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.

Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

• A. London generates an IKE information message that contains the Toronto public IP address.
• B. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
• C. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
• D. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

Refer to the exhibit.

The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.
Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths? (Choose three.)

• A. Enable soft-reconfiguration
• B. Enable route-reflector-client
• C. Set additional-path to send
• D. Set adv-additional-path to the number of additional paths to advertise
• E. Set advertisement-interval to the number of additional paths to advertise

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)

• A. link-down-failover
• B. update-source
• C. holdtime-timer
• D. set-route-rag

Refer to the exhibits.

Exhibit A

Exhibit B
Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on a FortiGate device acting as the sender. Exhibit B shows the sniffer output on a FortiGate device acting as the receiver.
The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1.
Based on the output shown in the exhibits, which two reasons can cause the observed behavior?
(Choose two.)

• A. The ICMP echo request packets sent over T_INET_0 and T_MPLS were dropped along the way.
• B. On the receiver FortiGate, packet-de-duplication is enabled.
• C. On the sender FortiGate, duplication-max-num is set to 3.
• D. The sender FortiGate has anti-replay enabled to block duplicate ICMP replies.

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

• A. idle-timeout
• B. link-down-failover
• C. auto-discovery-shortcuts
• D. hold-down-time