NSE7_SDW-6.4 Online Practice Questions and Answers

Which three parameters are available to configure SD-WAN rules? (Choose three.)

A. Application signatures

B. Type of physical link connection

C. URL categories

D. Source and destination IP address

E. Internet service database (ISDB) address object

Which feature enables SD-WAN to combine IPsec VPN dynamic shortcut tunnels between spokes and a static tunnel to the hub?

A. ADVPN

B. GRE

C. SSLVPN

D. OCVPN

Refer to the exhibits. Exhibit A:

Exhibit B:

Exhibit A shows the SD-WAN rules and exhibit B shows the traffic logs. The SD-WAN traffic logs reflect how FortiGate distributes traffic. Based on the exhibits, what are two expected behaviors when FortiGate processes SD-WAN traffic? (Choose two.)

A. The first Vimeo session may not match the Vimeo SD-WAN rule because the session is used for the application learning phase.

B. The implicit rule overrides all other rules because parameters widely cover sources and destinations.

C. The Vimeo SD-WAN rule steers Vimeo application traffic among all SD-WAN member interfaces.

D. SD-WAN rules are evaluated in the same way as firewall policies: from top to bottom.

Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?

A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.

B. FortiGate has terminated the session after a change on policy ID 1.

C. Changes have been made on firewall policy ID 1 on FortiGate.

D. Firewall policy ID 1 has source NAT disabled.

Which statement defines how a per-IP traffic shaper of 10 Mbps is applied to the entire network?

A. FortiGate allocates each IP address a maximum 10 Mbps of bandwidth.

B. Each IP is guaranteed a minimum 10 Mbps of bandwidth

C. A single user uses the allocated bandwidth divided by total number of users.

D. The 10 Mbps bandwidth is shared equally among the IP addresses.

Which diagnostic command can you use to show the SD-WAN rules interface information and state?

A. diagnose sys virtual-wan-link neighbor.

B. diagnose sys virtual--wan--link route-tag-list

C. diagnose sys virtual--wan--link member.

D. diagnose sys virtual-wan-link service

Refer to the exhibit.

Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

A. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

B. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

C. The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

D. The measured bandwidth is less than 100 KBps.

Refer to the exhibits.

ExhibitA shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

A. port2 is referenced in a static route.

B. port1 is assigned a manual IP address.

C. port1 and port2 are not administratively down.

D. port1 is referenced in a firewall policy.

Which two statements describe how IPsec phase 1 aggressive mode is different from main mode when performing IKE negotiation? (Choose two)

A. A peer ID is included in the first packet from the initiator, along with suggested security policies.

B. XAuth is enabled as an additional level of authentication, which requires a username and password.

C. A total of six packets are exchanged between an initiator and a responder instead of three packets.

D. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

What are two reasons why FortiGate would be unable to complete the zero-touch provisioning process? (Choose two.)

A. The FortiGate cloud key has not been added to the FortiGate cloud portal.

B. FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager

C. The zero-touch provisioning process has completed internally, behind FortiGate.

D. FortiGate has obtained a configuration from the platform template in FortiGate cloud.

E. A factory reset performed on FortiGate.