Prepare yourself for success in the Fortinet NSE 7 – SD-WAN 7.2 (NSE7_SDW-7.2) exam, where your knowledge and expertise in Fortinet’s SD-WAN solution will be put to the test. This certification evaluates your applied knowledge in integrating, administrating, troubleshooting, and centrally managing a secure SD-WAN solution. Focus areas include Fortinet products such as FortiOS 7.2.4, FortiManager 7.2.2, and FortiAnalyzer 7.2.2.
Contents
- 1 1.Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?
- 2 2.Refer to the exhibits.
- 3 3.Refer to the exhibit.
- 4 4.Refer to the exhibits.
- 5 5.Which two statements about SD-WAN central management are true? (Choose two.)
- 6 6.Which conclusion about the packet debug flow output is correct?
- 7 7.Which are two benefits of using CLI templates in FortiManager? (Choose two.)
- 8 8.What is the route-tag setting in an SD-WAN rule used for?
- 9 9.Refer to the exhibit.
1.Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?
A. get router info routing-table all
B. diagnose debug application ike
C. diagnose vpn tunnel list
D. get ipsec tunnel list
Answer: B
2.Refer to the exhibits.
Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
A. port1 is assigned a manual IP address.
B. port1 is referenced in a firewall policy.
C. port2 is referenced in a static route.
D. port1 and port2 are not administratively down.
Answer: B
3.Refer to the exhibit.
An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0. Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
A. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
B. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
C. T_INET_0_0 does not have a valid route to the destination.
D. T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
Answer: A – C
4.Refer to the exhibits.
Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)
A. FortiGate flushes all sessions.
B. FortiGate terminates the old sessions.
C. FortiGate does not change existing sessions.
D. FortiGate evaluates new sessions.
Answer: C – D
5.Which two statements about SD-WAN central management are true? (Choose two.)
A. The objects are saved in the ADOM common object database.
B. It does not support meta fields.
C. It uses templates to configure SD-WAN on managed devices.
D. It supports normalized interfaces for SD-WAN member configuration.
Answer: A – C
6.Which conclusion about the packet debug flow output is correct?
A. The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrentsessions configured in the traffic shaper, and the packet was dropped.
B. The packet size exceeded the outgoing interface MTU.
C. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
D. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent
sessions configured in the firewall policy, and the packet was dropped.
Answer: C
7.Which are two benefits of using CLI templates in FortiManager? (Choose two.)
A. You can reference meta fields.
B. You can configure interfaces as SD-WAN members without having to remove references first.
C. You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.
D. You can configure advanced CLI settings.
Answer: A – D
8.What is the route-tag setting in an SD-WAN rule used for?
A. To indicate the routes for health check probes.
B. To indicate the destination of a rule based on learned BGP prefixes.
C. To indicate the routes that can be used for routing SD-WAN traffic.
D. To indicate the members that can be used to route SD-WAN traffic.
Answer: B
9.Refer to the exhibit.
The exhibit shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?
A. When T_INET_0_0 and T_MPLS_0 have the same latency.
B. When T_MPLS_0 has a latency of 100 ms.
C. When T_INET_0_0 has a latency of 250 ms.
D. When T_N1PLS_0 has a latency of 80 ms.
