● NSE 7—SD-WAN 7.2 Exam Materials

Please note that the exam "NSE 7—SD-WAN 7.2 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 – SD-WAN 7.6 Enterprise Administrator"

The new exam version is available on Brave-Dumps and can be purchased.



Question #41
Comment Image Comment Image Comment Image

Refer to the exhibits.

ExhibitA shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.

Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
. (Choose one answer)

  • A. port2 is referenced in a static route.
  • B. port1 is assigned a manual IP address.
  • C. port1 and port2 are not administratively down.
  • D. port1 is referenced in a firewall policy.

Question #42
Comment Image Comment Image Comment Image

Which three matching traffic criteria are available in SD-WAN rules? (Choose three answers)

  • A. Type of physical link connection
  • B. Source and destination IP address
  • C. URL categories
  • D. Application categories
  • E. Internet service database (ISDB) address object

Question #43
Comment Image Comment Image Comment Image

Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members? (Choose one answer)

  • A. diagnose sys sdwan service
  • B. diagnose sys sdwan interface
  • C. diagnose sys sdwan zone
  • D. diagnose sys sdwan member

Question #44
Comment Image Comment Image Comment Image

Refer to exhibits.

Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.

FortiGate is not performing traffic shaping as expected, based on the policies shown in the exhibits.

To correct this traffic shaping issue on FortiGate, what configuration change must be made on which policy? (Choose one answer)

  • A. The URL category must be specified on the traffic shaping policy.
  • B. The shaper mode must be applied per-IP shaper on the traffic shaping policy.
  • C. The web filter profile must be enabled on the firewall policy.
  • D. The application control profile must be enabled on the firewall policy.

Question #45
Comment Image Comment Image Comment Image

Refer to the exhibit.

The device exchanges routes using IBGP.

Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two answers)

  • A. Each BGP route is three hops away from the destination.
  • B. ibgp-multipath is disabled.
  • C. You can run the get router info routing-table database command to display the additional paths.
  • D. additional-path is enabled.

Question #46
Comment Image Comment Image Comment Image

Refer to the exhibits.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two answers)

  • A. The phase 1 configuration supports the network-overlay setting.
  • B. FortiGate does not install IPsec static routes for remote protected networks in the routing table.
  • C. UDP port 4500 is used for IPsec VPN traffic (ESP).
  • D. FortiGate facilitated the negotiation of the T_INET_1_0 ADVPN shortcut over T_INET_1.

Question #47
Comment Image Comment Image Comment Image

Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.

What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN? (Choose one answer)

  • A. You must disable idle-timeout.
  • B. You must set ike-version to 1.
  • C. You must enable auto-discovery-sender.
  • D. You must enable net-device.

Question #48
Comment Image Comment Image Comment Image

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.

Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two answers)

  • A. T_INET_0_0 does not have a valid route to the destination.
  • B. T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
  • C. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
  • D. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.

Question #49
Comment Image Comment Image Comment Image

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member? (Choose one answer)

  • A. When T_INET_0_0 has a latency of 250 ms.
  • B. When T_MPLS_0 has a latency of 80 ms.
  • C. When T_INET_0_0 and T_MPLS_0 have the same latency.
  • D. When T_MPLS_0 has a latency of 100 ms.

Question #50
Comment Image Comment Image Comment Image

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules? (Choose one answer)

  • A. All traffic from a source IP to a destination IP is sent to the same interface.
  • B. All traffic from a source IP is sent to the same interface.
  • C. All traffic from a source IP is sent to the most used interface.
  • D. All traffic from a source IP to a destination IP is sent to the least used interface.