● NSE 7—SD-WAN 7.2 Exam Materials
Please note that the exam "NSE 7—SD-WAN 7.2 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 – SD-WAN 7.6 Enterprise Administrator"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 6 – SD-WAN 7.6 Enterprise Administrator"
The new exam version is available on Brave-Dumps and can be purchased.
Question #21
Question #22
Which three characteristics apply to provisioning templates available on FortiManager? (Choose three answers)
- A. You cannot apply a system template and CLI template to the same FortiGate device.
- B. A CLI template can be of type CLI script or Perl script.
- C. A CLI template group can contain CLI templates of both types.
- D. A template group can include a system template and an SD-WAN template.
- E. CLI templates are applied in order, from top to bottom.
Question #23
Refer to the exhibit.
Which conclusion about the packet debug flow output is correct?
(Choose one answer)
- A. The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.
- B. The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
- C. The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.
- D. The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
Question #24
Which two statements about SLA targets and SD-WAN rules are true? (Choose two answers)
- A. SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.
- B. Member metrics are measured only if an SLA target is configured.
- C. When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.
- D. SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.
Question #25
Refer to the exhibit.
Based on the exhibit which action does FortiGate take?
(Choose one answer)
- A. FortiGate brings down port5 after it detects all SD-WAN members as dead.
- B. FortiGate brings up port5 after it detects all SD-WAN members as alive.
- C. FortiGate bounces port5 after it detects all SD-WAN members as dead.
- D. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
Question #26
Refer to the exhibit.
Which are two expected behaviors of the traffic that matches the traffic shaper?
(Choose two answers)
- A. The number of simultaneous connections among all source IP addresses cannot exceed five connections.
- B. The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec.
- C. The number of simultaneous connections allowed for each source IP address cannot exceed five connections.
- D. The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec.
Question #27
Refer to the exhibits.
Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10. Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.
The administrator wants to steer corporate traffic using route tags in the SD- WAN rule ID 1. However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.
Based on the exhibits, which configuration change is required to fix the issue?
(Choose one answer)
- A. In the dc1-lan-rm route map configuration, set set-route-tag to 10.
- B. In SD-WAN rule ID 1, change the destination to use ISDB entries.
- C. In the dc1-lan-rm route map configuration, unset match-community.
- D. In the BGP neighbor configuration, apply the route map dc1-lan-rm in the outbound direction.
Question #28
Refer to the exhibit.
Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2.
Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut?
(Choose two answers)
- A. On the hubs, net-device must be enabled on all IPsec VPNs.
- B. auto-discovery-forwarder must be enabled on all IPsec VPNs.
- C. On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub.
- D. On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.
Question #29
Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation? (Choose one answer)
- A. get router info routing-table all
- B. get ipsec tunnel list
- C. diagnose vpn tunnel list
- D. diagnose debug application ike
Question #30
Refer to the exhibit.
Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change?
(Choose two answers)
- A. FortiGate terminates the old sessions.
- B. FortiGate evaluates new sessions.
- C. FortiGate does not change existing sessions.
- D. FortiGate flushes all sessions.
Refer to the exhibit.
The exhibit shows output of the command diagnose sys sdwan service collected on a FortiGate device.
The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HQ servers 10.0.0.1.
Based on the exhibits, which two statements are correct? (Choose two answers)