● Fortinet NSE 7—SD-WAN 7.2 Exam Materials
The Actual questions for Fortinet NSE 7—SD-WAN 7.2 Exam (NSE7_SDW-7.2) - Updated Weekly
Question #1
Question #2
Refer to the exhibit.
The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.
Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths?
(Choose three answers)
- A. Enable soft-reconfiguration
- B. Enable route-reflector-client
- C. Set additional-path to send
- D. Set adv-additional-path to the number of additional paths to advertise
- E. Set advertisement-interval to the number of additional paths to advertise
Question #3
Which statement about using BGP for ADVPN is true? (Choose one answer)
- A. IBGP is preferred over EBGP, because IBGP preserves next hop information.
- B. You must configure AS path prepending.
- C. You must configure BGP communities.
- D. You must use BGP to route traffic for both overlay and underlay links.
Question #4
Refer to the exhibit.
Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and- spoke groups.
If an ADVPN on-demand tunnel is established between Toronto and London, which two configuration settings are required for ADVPN to work?
(Choose two answers)
- A. On the hubs, auto-discovery-sender is enabled on the IPsec VPNs to spokes.
- B. auto-discovery-forwarder is enabled on all IPsec VPNs.
- C. On the hubs, tunnel-search is set selectors.
- D. On the spokes, auto-discovery-receiver is enabled on the IPsec VPN to the hub.
Question #5
Which statement is correct about SD-WAN and ADVPN? (Choose one answer)
- A. SD-WAN can steer traffic to ADVPN shortcuts only for rules defined with strategy manual or best quality.
- B. SD-WAN does not monitor the health and performance of ADVPN shortcuts.
- C. SD-WAN cannot steer traffic to ADVPN shortcuts established over IPSec overlays if the zone contains physical interfaces.
- D. SD-WAN can steer traffic to ADVPN shortcuts established over IPsec overlays configured as SD-WAN members.
Question #6
Refer to the exhibit, which shows output of the command diagnose sys sdwan health-check status collected on a FortiGate device.
Which two statements are correct about the health check status on this FortiGate device?
(Choose two answers)
- A. The interface T_INET_0 missed three SLA targets.
- B. The interface T_INET_1 missed one SLA target.
- C. There is no SLA criteria configured for the health-check Level3_DNS.
- D. The health-check VPN_PING orders the members according to the measured jitter.
Question #7
Refer to the exhibits.
Exhibit A shows two IPsec templates to define Branch_IPsec_1 and Branch_IPsec_2. Each template defines a VPN tunnel.
Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device.
Which statement best explains the cause for this issue?
(Choose one answer)
- A. You can assign only one IPsec template to each FortiGate device.
- B. You can define only one IPsec tunnel from branch devices to HUB1.
- C. You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.
- D. You can assign only one template with a tunnel of type static to each FortiGate device.
Question #8
Refer to the exhibit that shows VPN event logs on FortiGate.
Based on the output shown in the exhibit, which statement is true?
(Choose one answer)
- A. There is one shortcut tunnel built from master tunnel T_MPLS_0.
- B. The master tunnel T_INET_0 cannot accept the ADVPN shortcut.
- C. There are no IPsec tunnel statistics log messages for ADVPN shortcuts.
- D. The VPN tunnel T_MPLS_0 is a shortcut tunnel.
Question #9
What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two answers)
- A. Packet duplication uses smaller parity packets which results in less bandwidth consumption.
- B. Packet duplication does not require a route to the destination.
- C. Packet duplication can leverage multiple IPsec overlays for sending additional data.
- D. Packet duplication supports hardware offloading.
Question #10
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two answers)
- A. It ensures consistent settings between phase1 and phase2.
- B. It guides the administrator to use Fortinet recommended settings.
- C. The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.
- D. It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
What are two benefits of using CLI templates in FortiManager? (Choose two answers)