Free NSE7_SDW-6.4 Sample Questions — Fortinet NSE 7 - SD-WAN 6.4

Which feature enables SD-WAN to combine IPsec VPN dynamic shortcut tunnels between spokes and a static tunnel to the hub?

• A. ADVPN
• B. GRE
• C. SSLVPN
• D. OCVPN

In which two ways does FortiGate learn the FortiManager IP address or FQDN for zero-touch provisioning? (Choose two.)

• A. From a FortiGuard definitions update
• B. From the central management configuration configured in FortiDeploy
• C. From a DHCP server configured with options 240 or 241
• D. From another FortiGate device in the same local network

Which two reasons make forward error correction (FEC) ideal to enable in a phase one VPN interface? (Choose two.)

• A. FEC is useful to increase speed at which traffic is routed through IPsec tunnels
• B. FEC transmits the original payload in full to recover the error in transmission
• C. FEC transmits additional packets as redundant data to the remote device
• D. FEC improves reliability, which overcomes adverse WAN conditions such as noisy links
• E. FEC reduces the stress on the remote device jitter buffer to reconstruct packet loss

Which statement is correct about SD-WAN and ADVPN?

• A. You must use OSPF
• B. SD-WAN can steer traffic to ADVPN shortcuts established over IPsec overlays configured as SD-WAN members
• C. Routes for ADVPN shortcuts must be manually configured
• D. SD-WAN does not monitor the health and performance of ADVPN shortcuts

Which statement reflects how BGP tags work with SD-WAN rules?

• A. VPN topologies are formed using only BGP dynamic routing with SD-WAN
• B. Route tags are used for a BGP community and the SD-WAN rules are assigned the same tag
• C. BGP tags require that the adding of static routes be enabled on all ADVPN interfaces
• D. BGP tags match the SD-WAN rule based on the order that these rules were installed

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

• A. get ipsec tunnel list
• B. get router info routing-table
• C. diagnose debug application ike
• D. diagnose sys virtual-wan-link service

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two.)

• A. Traffic has matched none of the FortiGate policy routes
• B. Matched traffic failed RPF and was caught by the rule
• C. The FIB lookup resolved interface was the SD-WAN interface
• D. An absolute SD-WAN rule was defined and matched traffic

Which two benefits from using forward error correction (FEC) in IPsec VPNs are true? (Choose two.)

• A. FEC transmits the original payload in full to recover the error in transmission
• B. FEC reduces the stress on the remote device buffer to reconstruct packet loss
• C. FEC transmits additional packets as redundant data to the remote device
• D. FEC improves reliability, which overcomes adverse WAN conditions such as noisy links

Which two interfaces are considered overlay links? (Choose two.)

• A. IPsec
• B. Physical
• C. LAG
• D. GRE

What are two reasons why FortiGate would be unable to complete the zero-touch provisioning process? (Choose two.)

• A. The FortiGate cloud key has not been added to the FortiGate cloud portal
• B. FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager
• C. FortiGate has obtained a configuration from the platform template in FortiGate cloud
• D. factory reset performed on FortiGate
• E. The zero-touch provisioning process has completed internally, behind FortiGate

Why is it effective to use SD-WAN rules when configuring application control?

• A. Because you must use certificate full inspection on the firewall policy
• B. Because the application database is manually maintained by administrators
• C. Because traffic can be steered based on application type
• D. Because SD-WAN rules are independent from firewall policies to avoid controlling applications

Which two statements reflect the benefits of implementing the ADVPN solution to replace conventional VPN topologies? (Choose two.)

• A. It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links
• B. It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance
• C. It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub
• D. It provides direct connectivity between all sites by creating on-demand tunnels between spokes

Which three performance SLA protocols are available on the FortiGate CLI only? (Choose three.)

• A. tcp-echo
• B. icmp
• C. twamp
• D. udp-echo
• E. smtp

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

• A. Member metrics are measured only if an SLA target is configured
• B. SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy
• C. When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA
• D. SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements

Which statement is correct about the SD-WAN and ADVPN?

• A. Spoke support dynamic VPN as a static interface
• B. Dynamic VPN is not supported as an SD-WAN interface
• C. ADVPN interface can be a member of SD-WAN interface
• D. Hub FortiGate is limited to use ADVPN as SD-WAN member interface