Free NSE7_SDW-7.2 Sample Questions — Fortinet NSE 7 - SD-WAN 7.2

Which two statements about the SD-WAN members are true? (Choose two.)

• A. Interfaces of type virtual wire pair can be used as SD-WAN members
• B. You can manually define the SD-WAN members sequence number
• C. An SD-WAN member can belong to two or more SD-WAN zones
• D. Interfaces of type VLAN can be used as SD-WAN members

Which are three key routing principles in SD-WAN? (Choose three.)

• A. By default. SD-WAN members are skipped if they do not have a valid route to the destination
• B. By default. SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member
• C. FortiGate performs route lookups for new sessions only
• D. SD-WAN rules have precedence over ISDB routes
• E. Regular policy routes have precedence over SD-WAN rules

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

• A. diagnose sys sdwan member
• B. diagnose sys sdwan interface
• C. diagnose sys sdwan zone
• D. diagnose sys sdwan service

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

• A. The session information output displays no SD-WAN-specific details
• B. All SD-WAN rules have the default and gateway setting enabled
• C. Traffic does not match any of the entries in the policy route table
• D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

• A. By default, FortiGate does not check if the selected member has a valid route to the destination
• B. You must configure each local-out feature individually, to use SD-WAN
• C. By default, local-out traffic does not use SD-WAN
• D. FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic

Which statement about using BGP for ADVPN is true?

• A. IBGP is preferred over EBGP, because IBGP preserves next hop information
• B. You must configure AS path prepending
• C. You must configure BGP communities
• D. You must use BGP to route traffic for both overlay and underlay links

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

• A. idle-timeout
• B. link-down-failover
• C. auto-discovery-shortcuts
• D. hold-down-time

What is true about SD-WAN multiregion topologies?

• A. It is not compatible with ADVPN
• B. Routing between the hub and spokes must be BGP
• C. Regions must correspond to geographical areas
• D. Each region has its own SD-WAN topology

Which three characteristics apply to provisioning templates available on FortiManager? (Choose three.)

• A. You cannot apply a system template and CLI template to the same FortiGate device
• B. CLI template can be of type CLI script or Perl script
• C. CLI template group can contain CLI templates of both types
• D. template group can include a system template and an SD-WAN template
• E. CLI templates are applied in order, from top to bottom

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

• A. get router info routing-table all
• B. get ipsec tunnel list
• C. diagnose vpn tunnel list
• D. diagnose debug application ike