● NSE 7—SD-WAN 7.2 Exam Materials

Please note that the exam "NSE 7—SD-WAN 7.2 Exam" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we have made it free to view.
It has been replaced by the exam "NSE 6 – SD-WAN 7.6 Enterprise Administrator".

The new exam version is available on Brave-Dumps and can be purchased.




Question #71

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two answers)

  • A. By default, FortiGate does not check if the selected member has a valid route to the destination.
  • B. You must configure each local-out feature individually, to use SD-WAN.
  • C. By default, local-out traffic does not use SD-WAN.
  • D. FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

Question #72

Refer to the exhibit.

Which statement explains the output shown in the exhibit? (Choose one answer)

  • A. FortiGate performed standard FIB routing on the session.
  • B. FortiGate will not re-evaluate the session following a firewall policy change.
  • C. FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.
  • D. FortiGate must re-evaluate the session due to routing change.

Question #73

What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange? (Choose one answer)

  • A. The tunnel ID of their IPsec interfaces.
  • B. The name of their IPsec interfaces.
  • C. The gateway address of their IPsec interfaces.
  • D. The IP address of their IPsec interfaces.

Question #74

Refer to the exhibits.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.

After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.

Which two reasons explain why the traffic matched the implicit SD-WAN rule? (Choose two answers)

  • A. FortiGate did not refresh the routing information on the session after the application was detected.
  • B. Port1 and port2 do not have a valid route to the destination.
  • C. Full SSL inspection is not enabled on the matching firewall policy.
  • D. The session 3-tuple did not match any of the existing entries in the ISDB application cache.

Question #75

Refer to the exhibit.

The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading.

Based on the information shown in the exhibits, which two statements about the session are true? (Choose two answers)

  • A. The main session cannot be offloaded to hardware.
  • B. The original direction of the symmetric traffic flows from port3 to port2.
  • C. The reply direction of the asymmetric traffic flows from port2 to port3.
  • D. The auxiliary session can be offloaded to hardware.

Question #76

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.

Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member? (Choose one answer)

  • A. When all three members have the same packet loss.
  • B. When T_INET_0_0 has 4% packet loss.
  • C. When T_INET_0_0 has 12% packet loss.
  • D. When T_INET_1_0 has 4% packet loss.

Question #77

Refer to the exhibit.

In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs? (Choose one answer)

  • A. It instructs the hub to skip content inspection on TCP traffic, to improve performance.
  • B. It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.
  • C. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.
  • D. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.

Question #78

Refer to the exhibits.

Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on a FortiGate device acting as the sender. Exhibit B shows the sniffer output on a FortiGate device acting as the receiver.

The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1.

Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two answers)

  • A. The ICMP echo request packets sent over T_INET_0 and T_MPLS were dropped along the way.
  • B. On the receiver FortiGate, packet-de-duplication is enabled.
  • C. On the sender FortiGate, duplication-max-num is set to 3.
  • D. The sender FortiGate has anti-replay enabled to block duplicate ICMP replies.

Question #79

What is a benefit of using application steering in SD-WAN? (Choose one answer)

  • A. The traffic always skips the regular policy routes.
  • B. You do not need to configure firewall policies that accept the SD-WAN traffic.
  • C. You steer traffic based on the detected application.
  • D. You do not need to enable SSL inspection.

Question #80

Refer to the exhibit.

Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two answers)

  • A. Priority
  • B. Cost
  • C. Interface member
  • D. Gateway IP