NSE7_SDW-7.2 Free Certification Exam Easy to Download PDF Format 2024 [Q32-Q55]


Get 100% Success with Latest NSE 7 Network Security Architect NSE7_SDW-7.2 Exam Dumps

NEW QUESTION # 32
What is a benefit of using application steering in SD-WAN?

  • A. You do not need to configure firewall policies that accept the SD-WAN traffic.
  • B. The traffic always skips the regular policy routes.
  • C. You steer traffic based on the detected application.
  • D. You do not need to enable SSL inspection.

Answer: C


NEW QUESTION # 33
Refer to the exhibits.
Exhibit A

Exhibit B

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.
Based on the exhibits, which two statements are correct? (Choose two.)

  • A. FortiGate updated the outgoing interface list on the rule so it prefers port2.
  • B. Port2 has the highest member priority.
  • C. Port2 has a lower latency than port1.
  • D. SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

Answer: A,C


NEW QUESTION # 34
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?

  • A. diagnose sys sdwan health-check
  • B. diagnose sys sdwan sla-log
  • C. diagnose sys sdwan intf-sla-log
  • D. diagnose sys sdwan log

Answer: B


NEW QUESTION # 35
Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

  • A. link-down-failover
  • B. auto-discovery-shortcuts
  • C. idle-timeout
  • D. hold-down-time

Answer: D


NEW QUESTION # 36
Refer to the exhibit.

Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.)

  • A. FortiGate can offload the traffic that is subject to passive monitoring to hardware.
  • B. FortiGate passively monitors the member if TCP traffic is passing through the member.
  • C. During passive monitoring, FortiGate can't detect dead members.
  • D. After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.

Answer: B,C


NEW QUESTION # 37
Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

  • A. T_INET_0_0 does not have a valid route to the destination.
  • B. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
  • C. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
  • D. T_INET_1_0 has a higher member configuration priority than T_INET_0_0.

Answer: A,B


NEW QUESTION # 38
Refer to the exhibit.

Based on the exhibit, which action does FortiGate take?

  • A. FortiGate bounces port5 after it detects all SD-WAN members as dead.
  • B. FortiGate brings up port5 after it detects all SD-WAN members as alive.
  • C. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
  • D. FortiGate brings down port5 after it detects all SD-WAN members as dead.

Answer: C


NEW QUESTION # 39
Refer to the exhibits.
Exhibit A

Exhibit B

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.
Based on the exhibits, which two statements are correct? (Choose two.)

  • A. FortiGate updated the outgoing interface list on the rule so it prefers port2.
  • B. Port2 has the highest member priority.
  • C. Port2 has a lower latency than port1.
  • D. SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

Answer: A,C


NEW QUESTION # 40
Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)

  • A. FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.
  • B. FortiGate flushes all routing information from the session table, after a route change.
  • C. FortiGate performs routing lookups for new sessions only, after a route change.
  • D. FortiGate always blocks all traffic, after a route change.

Answer: A,C


NEW QUESTION # 41
The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)

  • A. Assign an sdwan_id metadata variable to each device (branch and hub).
  • B. Configure routing through overlay tunnels created by the SD-WAN overlay template.
  • C. Create policy packages for branch devices.
  • D. Configure SD-WAN rules.
  • E. Assign a branch_id metadata variable to each branch device.

Answer: A,B,C


NEW QUESTION # 42
In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.)

  • A. It provides the benefits of a full-mesh topology in a hub-and-spoke network.
  • B. It enables spokes to establish shortcuts to third-party gateways.
  • C. It provides direct connectivity between spokes by creating shortcuts.
  • D. It enables spokes to bypass the hub during shortcut negotiation.

Answer: A,C


NEW QUESTION # 43
What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?

  • A. The IP address of their IPsec interfaces
  • B. The gateway address of their IPsec interfaces
  • C. The name of their IPsec interfaces
  • D. The tunnel ID of their IPsec interfaces

Answer: A


NEW QUESTION # 44
In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two.)

  • A. Matched traffic failed RPF and was caught by the rule.
  • B. Traffic has matched none of the FortiGate policy routes.
  • C. An absolute SD-WAN rule was defined and matched traffic.
  • D. The FIB lookup resolved interface was the SD-WAN interface.

Answer: B,D


NEW QUESTION # 45
What three characteristics apply to provisioning templates available on FortiManager? (Choose three.)

  • A. A template group can include a system template and an SD-WAN template.
  • B. Templates are applied in order, from top to bottom.
  • C. You can apply a system template and a CLI template to the same FortiGate device.
  • D. A CLI template can be of type CLI script or Perl script.
  • E. A template group can contain CLI templates of both types.

Answer: B,D,E

Explanation:
According to the FortiManager Administration Guide, provisioning templates are used to configure FortiGate devices in a consistent and efficient way. There are different types of templates, such as system, IPsec, SD-WAN, certificate, and CLI templates. Some characteristics of provisioning templates are:

  • You can apply a system template and a CLI template to the same FortiGate device, as long as they do not have conflicting settings [1].
  • A CLI template can be of type CLI script or Perl script. A CLI script template contains FortiOS CLI commands, while a Perl script template contains Perl code that can generate FortiOS CLI commands [2].
  • A template group can include a system template and an SD-WAN template, as well as other types of templates. A template group is a collection of templates that can be applied to multiple devices at once [3].
  • A template group can contain CLI templates of both types, as long as they do not have conflicting settings [2].
  • Templates are applied in order, from top to bottom. The order of the templates in a template group determines the order in which they are applied to the devices [3].


NEW QUESTION # 46
Refer to the exhibit.

Based on the output, which two conclusions are true? (Choose two.)

  • A. The all_rules rule represents the implicit SD-WAN rule.
  • B. The SD-WAN rules take precedence over regular policy routes.
  • C. Entry 1(id=1) is a regular policy route.
  • D. There is more than one SD-WAN rule configured.

Answer: C,D


NEW QUESTION # 47
Refer to the exhibit.

Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two.)

  • A. Cost
  • B. Priority
  • C. Gateway IP
  • D. Interface member

Answer: C,D


NEW QUESTION # 48
Refer to the exhibits.
Exhibit A -

Exhibit B -

Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.
The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.
Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?

  • A. Application control must be enabled on the firewall policy.
  • B. Web filtering must be enabled on the firewall policy.
  • C. Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.
  • D. Destination internet service must be enabled on the traffic shaping policy.

Answer: A


NEW QUESTION # 49
Refer to the exhibits.
Exhibit A -

Exhibit B -

Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt.
When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.
Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?

  • A. Enable snat-route-change under config system global.
  • B. Enable auxiliary-session under config system settings.
  • C. Disable allow-subnet-overlap under config system settings.
  • D. Disable tp-session-without-syn under config system settings.

Answer: D


NEW QUESTION # 50
Refer to the exhibit.

Which statement explains the output shown in the exhibit?

  • A. FortiGate performed standard FIB routing on the session.
  • B. FortiGate must re-evaluate the session due to routing change.
  • C. FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.
  • D. FortiGate will not re-evaluate the session following a firewall policy change.

Answer: B

Explanation:
The snat-route-change option is enabled by default. This option enables FortiGate to re-evaluate the routing table and select a new egress interface if the next hop IP address changes. This option only applies to sessions in the dirty state. Sessions in the log state are not affected by routing changes.


NEW QUESTION # 51
Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)

  • A. FortiGate flushes all routing information from the session table, after a route change.
  • B. FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.
  • C. FortiGate performs routing lookups for new sessions only, after a route change.
  • D. FortiGate always blocks all traffic, after a route change.

Answer: B,C


NEW QUESTION # 52
Refer to the exhibit.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

  • A. Dead peer detection is disabled.
  • B. FortiGate does not install IPsec static routes for remote protected networks in the routing table.
  • C. The phase 1 configuration supports the network-overlay setting.
  • D. FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.

Answer: B,C


NEW QUESTION # 53
Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

  • A. Specify a unique peer ID for each dial-up VPN interface.
  • B. Use unique Diffie-Hellman groups on each VPN interface.
  • C. Use different proposals between the interfaces.
  • D. Configure the IKE mode to be aggressive mode.

Answer: A,D


NEW QUESTION # 54
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

  • A. All SD-WAN rules have the default setting enabled.
  • B. The sdwan_service_id flag in the session information is 0.
  • C. Traffic does not match any of the entries in the policy route table.
  • D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Answer: B,C

Explanation:
An sdwan_service_id of 0 means the traffic matched the SD-WAN implicit rule (study guide 7.0, page 120; 7.2, page 149). SD-WAN rules are interpreted internally as policy routes, so when the traffic does not match any policy route, it flows through the implicit policy.


NEW QUESTION # 55
......
