NSE7_SDW-7.2 Practice Exam Questions and Answers

A.  

It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.

B.  

It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.

C.  

It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.

D.  

It instructs the hub to skip content inspection on TCP traffic, to improve performance.

A.  

FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

B.  

By default, local-out traffic does not use SD-WAN.

C.  

By default, FortiGate does not check if the selected member has a valid route to the destination.

D.  

You must configure each local-out feature individually, to use SD-WAN.

A.  

Set priority 10.

B.  

Set cost 15.

C.  

Set load-balance-mode source-ip-ip-based.

D.  

Set source 100.64.1.1.

A.  

A peer ID is included in the first packet from the initiator, along with suggested security policies.

B.  

XAuth is enabled as an additional level of authentication, which requires a username and password.

C.  

Three packets are exchanged between an initiator and a responder instead of six packets.

D.  

The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

A.  

You can delete the virtual-wan-link zone because it contains no member.

B.  

The corporate zone contains no member.

C.  

You can move port1 from the underlay zone to the overlay zone.

D.  

The overlay zone contains four members.

A.  

diagnose sys sdwan sla-log

B.  

diagnose ays sdwan health-check

C.  

diagnose sys sdwan intf-sla-log

D.  

diagnose sys sdwan log

A.  

Traffic has matched none of the FortiGate policy routes.

B.  

Matched traffic failed RPF and was caught by the rule.

C.  

The FIB lookup resolved interface was the SD-WAN interface.

D.  

An absolute SD-WAN rule was defined and matched traffic.

A.  

Packet duplication can leverage multiple IPsec overlays for sending additional data.

B.  

Packet duplication does not require a route to the destination.

C.  

Packet duplication supports hardware offloading.

D.  

Packet duplication uses smaller parity packets which results in less bandwidth consumption.

A.  

type must be set to static.

B.  

mode-cfg must be enabled.

C.  

exchange-interface-ip must be enabled.

D.  

add-route must be disabled.

A.  

Create a new firewall policy, and the select the SD-WAN zone as Incoming Interface.

B.  

In the traffic shaping policy, select Assign Shaping Class ID as Action.

C.  

In the firewall policy, select Proxy-based as Inspection Mode.

D.  

In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.