● NSE 6 – SD-WAN 7.6 Enterprise Administrator Exam Materials
Important notes:
ℹ️ For best results, please follow the answers provided on our website as the primary reference, as they are carefully verified and updated.
✅ Free online simulation will be enabled for all clients.
📘 To maximize your chances of success, we strongly recommend practicing thoroughly and achieving 100% at least three times in the simulation before taking the real exam. Lower scores, such as 95%, may not always guarantee passing.
ℹ️ For best results, please follow the answers provided on our website as the primary reference, as they are carefully verified and updated.
✅ Free online simulation will be enabled for all clients.
📘 To maximize your chances of success, we strongly recommend practicing thoroughly and achieving 100% at least three times in the simulation before taking the real exam. Lower scores, such as 95%, may not always guarantee passing.
Question #1
Question #2
You want FortiGate to use SD-WAN rules to steer ping local-out traffic.
Which two constraints should you consider?
(Choose two answers)
- A. You can steer local-out traffic only with SD-WAN rules that use the manual strategy
- B. By default, FortiGate uses SD-WAN rules only for local-out traffic that corresponds to ping and traceroute
- C. By default, local-out traffic does not use SD-WAN
- D. You must configure each local-out feature individually to use SD-WAN
Question #3
Refer to the exhibit.
What can you conclude from the output shown?
(Choose one answer)
- A. It is a spoke device. SD-WAN rule 3 is configured with nine members
- B. It is a spoke device. The members of SD-WAN rule 3 are grouped into two zones
- C. It's a hub device. It allowed the establishment of three auto-discovery VPN (ADVPN) shortcuts
- D. It is a spoke device. SD-WAN rule 4 allows three shortcuts tunnels
Question #4
Your FortiGate is in production. To optimize WAN link use and improve redundancy, you enable and configure SD-WAN.
What must you do as part of this configuration update process?
(Choose one answer)
- A. Purchase and install the SD-WAN license, and reboot the FortiGate device
- B. Disable the interface that you want to use as an SD-WAN member
- C. Replace references to interfaces used as SD-WAN members in the firewall policies
- D. Replace references to interfaces used as SD-WAN members in the routing configuration
Question #5
Refer to the exhibits.
To prepare to onboard FortiGate devices to your company's stores, you configure the device blueprint and CLI scripts shown in the exhibit. Then, a technician prepares a FortiGate 90G with a basic configuration and connects it to the network. The basic configuration contains the port1 configuration and the minimal configuration required to allow the device to connect to FortiManager.
After the device initially connects to FortiManager, FortiManager updates the device configuration.
Based on what is shown in the exhibits, which statement about the actions taken by FortiManager is true?
(Choose one answer)
- A. FortiManager updates the configuration of port1, port2, and port5. The three ports might get new IP addresses
- B. FortiManager updates access rights only for port1. FortiManager cannot update the IP address because it was already set manually
- C. FortiManager updates the device configuration according to the selected templates and it applies the corp_st template first
- D. FortiManager does not update the port1 configuration because FortiManager does not change the configuration of interfaces with FortiGate-FortiManager communication protocol (FGFM) access
Question #6
The administrator configured the IPsec tunnel VPN1 on a FortiGate device with the parameters shown in exhibit.
Based on the configuration, which three conclusions can you draw about the characteristics and requirements of the VPN tunnel?
(Choose three answers)
- A. The tunnel interface IP address on the spoke side is provided by the hub
- B. The remote end must support IKEv2
- C. The administrator must manually assign the tunnel interface IP address on the hub side
- D. This configuration allows user-defined overlay IP addresses
- E. The remote end can be a third-party IPsec device
Question #7
Refer to the exhibit.
You configure SD-WAN on a standalone FortiGate device.
You want to create an SD-WAN rule that steers traffic related to Facebook and LinkedIn through the less costly internet link.
What must you do to set Facebook and LinkedIn applications as destinations from the GUI?
(Choose one answer)
- A. Enable the visibility of the applications field as destinations of the SD-WAN rule
- B. In the Internet service field, select Facebook and LinkedIn
- C. You cannot configure applications as destinations of an SD-WAN rule on a standalone FortiGate device
- D. Install a license to allow applications as destinations of SD-WAN rules
Question #8
What are three characteristics of the provisioning templates available on FortiManager? (Choose three answers)
- A. A template group can include a system template and an SD-WAN template
- B. A CLI template group can contain CLI templates of different types
- C. Each template group can contain up to three IPsec tunnel templates
- D. A CLI template can be of type CLI script or Perl script
- E. CLI templates are applied in order, from top to bottom
Question #9
You configure the SD-WAN rule ID 4 with two members (port1 and port2) and the strategy lowest cost (SLA).
Which two statements about the session shown in the exhibit are true?
Note from Brave-Dumps: If on the exam asked to choose one answer only, please choose C only
(Choose two answers)
- A. FortiGate will reevaluate this session if the outgoing interface goes down
- B. FortiGate will reevaluate this session if you update the routing table
- C. FortiGate steered this flow according to the SD-WAN rule 4
- D. FortiGate steered this flow according to the application detected and the outgoing interface is port3
Question #10
Which statement describes FortiGate behavior when you reference a zone in a static route? (Choose one answer)
- A. FortiGate installs a static route for the first active members of the zone
- B. FortiGate installs a static route for each member in the zone
- C. FortiGate routes the traffic through the best performing member of the zone
- D. FortiGate ignores the static routes defined through members referenced in the zone
Refer to the exhibit.
The event log on a FortiGate device is shown.
Based on the output shown in the exhibit, what can you conclude about the tunnels on this device? (Choose one answer)