● NSE 7—SD-WAN 7.2 Exam Materials
Please note that the exam "NSE 7—SD-WAN 7.2 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 – SD-WAN 7.6 Enterprise Administrator"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 6 – SD-WAN 7.6 Enterprise Administrator"
The new exam version is available on Brave-Dumps and can be purchased.
Question #31
Question #32
Refer to the exhibits.
Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.
The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.
Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?
(Choose one answer)
- A. Destination internet service must be enabled on the traffic shaping policy.
- B. Application control must be enabled on the firewall policy.
- C. Web filtering must be enabled on the firewall policy.
- D. Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.
Question #33
Which statement is correct about SD-WAN and ADVPN? (Choose one answer)
- A. Routes for ADVPN shortcuts must be manually configured.
- B. SD-WAN can steer traffic to ADVPN shortcuts, established over IPsec overlays, configured as SD-WAN members.
- C. SD-WAN does not monitor the health and performance of ADVPN shortcuts.
- D. You must use IKEv2 on IPsec tunnels.
Question #34
Refer to the exhibit.
Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London?
(Choose two answers)
- A. London generates an IKE information message that contains the Toronto public IP address.
- B. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
- C. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
- D. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
Question #35
Which two interfaces are considered overlay links? (Choose two answers)
- A. LAG
- B. IPsec
- C. Physical
- D. GRE
Question #36
Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth? (Choose one answer)
- A. Interface-based shaping mode
- B. Reverse-policy shaping mode
- C. Shared-policy shaping mode
- D. Per-IP shaping mode
Question #37
Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two answers)
- A. Encapsulating Security Payload (ESP)
- B. Secure Shell (SSH)
- C. Internet Key Exchange (IKE)
- D. Security Association (SA)
Question #38
Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two answers)
- A. http
- B. icmp
- C. twamp
- D. dns
Question #39
Refer to the exhibit.
Which two conclusions for traffic that matches the traffic shaper are true?
(Choose two answers)
- A. The traffic shaper drops packets if the bandwidth is less than 2500 KBps.
- B. The measured bandwidth is less than 100 KBps.
- C. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.
- D. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.
Question #40
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes? (Choose one answer)
- A. diagnose sys sdwan sla-log
- B. diagnose sys sdwan log
- C. diagnose sys sdwan health-check
- D. diagnose sys sdwan intf-sla-log
What are two characteristics of the internet service database (ISDB) in an SD-WAN rule? (Choose two answers)