Practice Free NSE7_SDW-7.2 Exam Online Questions
What metric can NOT be used by SD-WAN rules to make traffic steering decisions?
- A. Latency
- B. Packet loss
- C. Application type
- D. User identity
Refer to the exhibit.
Which statement explains the output shown in the exhibit?
- A. FortiGate performed standard FIB routing on the session.
- B. FortiGate will not re-evaluate the session following a firewall policy change.
- C. FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.
- D. FortiGate must re-evaluate the session due to routing change.
Answer: D
Explanation:
The snat-route-change option is enabled by default. This option enables FortiGate to re-evaluate the routing table and select a new egress interface if the next hop IP address changes. This option only applies to sessions in the dirty state. Sessions in the log state are not affected by routing changes.
Which are three key routing principles in SD-WAN? (Choose three.)
- A. FortiGate performs route lookups for new sessions only.
- B. Regular policy routes have precedence over SD-WAN rules.
- C. SD-WAN rules have precedence over ISDB routes.
- D. By default, SD-WAN members are skipped if they do not have a valid route to the destination.
- E. By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
Answer: BDE
Explanation:
Study Guide 7.2, pages 125, 129, 151
Refer to the exhibit.
Which statement about the role of the ADVPN device in handling traffic is true?
- A. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.
- B. Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.
- C. This is a hub that has received a query from a spoke and has forwarded it to another spoke.
- D. Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.
Which statement about using BGP for ADVPN is true?
- A. You must use BGP to route traffic for both overlay and underlay links.
- B. You must configure AS path prepending.
- C. You must configure BGP communities.
- D. IBGP is preferred over EBGP, because IBGP preserves next hop information.
Answer: D
Explanation:
ADVPN is a technology that allows dynamic creation of IPsec tunnels between branch sites without requiring pre-configured policies or keys. BGP is a routing protocol that can be used to exchange routes between ADVPN peers. IBGP is a type of BGP that runs between routers in the same autonomous system (AS), while EBGP is a type of BGP that runs between routers in different ASes. IBGP is preferred over EBGP for ADVPN, because IBGP preserves the next hop information of the routes, which is needed to establish the IPsec tunnels. EBGP changes the next hop information to the EBGP peer address, which may not be reachable by the ADVPN peers. Therefore, using IBGP for ADVPN avoids the need to configure additional static routes or redistribute routes between BGP and another routing protocol.
Reference: ADVPN with BGP as the routing protocol; ADVPN; SD-WAN self-healing with BGP; Technical Tip: ADVPN with BGP as the routing protocol
The statement that IBGP is preferred over EBGP for ADVPN because IBGP preserves next hop information (D) is true. In a typical ADVPN deployment, it’s beneficial to maintain next hop information across the network to ensure proper routing and optimal path selection.
Reference: This understanding comes from my knowledge of Fortinet’s SD-WAN and ADVPN configurations, where BGP’s behavior in terms of next hop preservation is a key consideration.
What is the purpose of using multiple SD-WAN members in a single SD-WAN interface?
- A. To provide a backup in case the primary interface fails
- B. To increase the bandwidth by combining interfaces
- C. To segregate traffic based on the type of application
- D. To enforce different security policies
Refer to the exhibit.
Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?
- A. type must be set to static.
- B. mode-cfg must be enabled.
- C. exchange-interface-ip must be enabled.
- D. add-route must be disabled.
In FortiGate, what is the purpose of the SD-WAN rules?
- A. To define security policies
- B. To prioritize traffic based on source and destination
- C. To direct traffic based on application
- D. To log traffic for monitoring purposes
Refer to the exhibit.
Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)
- A. FortiGate does not install IPsec static routes for remote protected networks in the routing table. (Most Voted)
- B. The phase 1 configuration supports the network-overlay setting. (Most Voted)
- C. FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.
- D. Dead peer detection is disabled.
Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)
- A. Type of physical link connection
- B. Internet service database (ISDB) address object
- C. Source and destination IP address
- D. URL categories
- E. Application signatures