Pass Fortinet NSE7_SDW-7.2 Exam With Practice Test Questions Dumps Bundle
2024 Valid NSE7_SDW-7.2 test answers & Fortinet Exam PDF
NEW QUESTION # 47
Refer to the exhibit.
Which are two expected behaviors of the traffic that matches the traffic shaper? (Choose two.)
- A. The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec.
- B. The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec.
- C. The number of simultaneous connections allowed for each source IP address cannot exceed five connections.
- D. The number of simultaneous connections among all source IP addresses cannot exceed five connections.
Answer: B,C
NEW QUESTION # 48
Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available
bandwidth?
- A. Interface-based shaping mode
- B. Reverse-policy shaping mode
- C. Shared-policy shaping mode
- D. Per-IP shaping mode
Answer: A
Explanation:
Interface-based shaping goes further, enabling traffic controls based on percentage of the interface bandwidth.
NEW QUESTION # 49
Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the
application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay
zone status.
Based on the exhibits, which two statements are correct about the health and performance of port1 and port2?
(Choose two.)
- A. FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
- B. Non-TCP Facebook and YouTube traffic are not used for performance measurement.
- C. FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.
- D. The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
Answer: B,D
Explanation:
Study Guide 7.2, pages 103-104. Another comment said "because without using application Control on the firewall policy, SDWAN can't work" but there is an app control "default" defined on config.
NEW QUESTION # 50
What are two reasons why FortiGate would be unable to complete the zero-touch provisioning process?
(Choose two.)
- A. A factory reset performed on FortiGate.
- B. The FortiGate cloud key has not been added to the FortiGate cloud portal.
- C. The zero-touch provisioning process has completed internally, behind FortiGate.
- D. FortiGate has obtained a configuration from the platform template in FortiGate cloud.
- E. FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager.
Answer: B,C
NEW QUESTION # 51
Refer to the exhibit.
Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)
- A. FortiGate performs routing lookups for new sessions only, after a route change.
- B. FortiGate flushes all routing information from the session table, after a route change.
- C. FortiGate always blocks all traffic, after a route change.
- D. FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.
Answer: A,D
NEW QUESTION # 52
The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by
the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three
mandatory post-run tasks that must be performed? (Choose three.)
- A. Configure SD-WAN rules.
- B. Configure routing through overlay tunnels created by the SD-WAN overlay template.
- C. Assign a branch_id metadata variable to each branch device.
- D. Create policy packages for branch devices.
- E. Assign an sdwan_id metadata variable to each device (branch and hub).
Answer: B,D,E
NEW QUESTION # 53
Which two interfaces are considered overlay links? (Choose two.)
- A. GRE
- B. IPsec
- C. Physical
- D. LAG
Answer: A,B
NEW QUESTION # 54
Refer to the exhibit.
FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
- A. Use different proposals between the interfaces.
- B. Specify a unique peer ID for each dial-up VPN interface.
- C. Use unique Diffie-Hellman groups on each VPN interface.
- D. Configure the IKE mode to be aggressive mode.
Answer: B,D
NEW QUESTION # 55
Refer to the exhibit.
The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate
appliance that supports hardware offloading. Based on the information shown in the exhibits, which two
statements about the session are true? (Choose two.)
- A. The reply direction of the asymmetric traffic flows from port2 to port3.
- B. The main session cannot be offloaded to hardware.
- C. The original direction of the symmetric traffic flows from port3 to port2.
- D. The auxiliary session can be offloaded to hardware.
Answer: A,D
NEW QUESTION # 56
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)
- A. The sdwan_service_id flag in the session information is 0.
- B. All SD-WAN rules have the default setting enabled.
- C. Traffic does not match any of the entries in the policy route table.
- D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Answer: A,C
Explanation:
An sdwan_service_id of 0 means the traffic matched the implicit SD-WAN rule (Study Guide 7.0, page 120; 7.2, page 149). SD-WAN rules are interpreted internally as policy routes, so when traffic does not match any policy route, it is forwarded by the implicit rule.
NEW QUESTION # 57
Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.
The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator
determines that FortiGate does not apply traffic shaping on YouTube traffic.
Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs
traffic shaping on YouTube traffic?
- A. Web filtering must be enabled on the firewall policy.
- B. Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.
- C. Application control must be enabled on the firewall policy.
- D. Destination internet service must be enabled on the traffic shaping policy.
Answer: C
NEW QUESTION # 58
Refer to the exhibit.
The exhibit shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred
member?
- A. When T_INET_1_0 has 4% packet loss.
- B. When T_INET_0_0 has 4% packet loss.
- C. When all three members have the same packet loss.
- D. When T_INET_0_0 has 12% packet loss.
Answer: C
NEW QUESTION # 59
Exhibit.
Which conclusion about the packet debug flow output is correct?
- A. The packet size exceeded the outgoing interface MTU.
- B. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
- C. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.
- D. The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped.
Answer: B
Explanation:
In a Per-IP shaper configuration, if an IP address exceeds the configured concurrent session limit, the message
"Denied by quota check" appears. SD-WAN 7.0 Study Guide page 287
NEW QUESTION # 60
Refer to the exhibit.
In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs?
- A. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.
- B. It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.
- C. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.
- D. It instructs the hub to skip content inspection on TCP traffic, to improve performance.
Answer: C
NEW QUESTION # 61
Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?
- A. link-down-failover
- B. hold-down-time
- C. idle-timeout
- D. auto-discovery-shortcuts
Answer: B
NEW QUESTION # 62
Which two statements about SD-WAN central management are true? (Choose two.)
- A. It uses templates to configure SD-WAN on managed devices.
- B. The objects are saved in the ADOM common object database.
- C. It does not support meta fields.
- D. It supports normalized interfaces for SD-WAN member configuration.
Answer: A,B
Explanation:
Normalized interfaces are not supported for SD-WAN templates. You can create multiple SD-WAN zones and add interface members to the SD-WAN zones. You must bind the interface members by name to physical interfaces or VPN interfaces.
https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-new-features/794804/new-sd-wan-template-
NEW QUESTION # 63
Refer to the exhibit.
Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
- A. All traffic from a source IP to a destination IP is sent to the same interface.
- B. All traffic from a source IP is sent to the most used interface.
- C. All traffic from a source IP to a destination IP is sent to the least used interface.
- D. All traffic from a source IP is sent to the same interface.
Answer: A
Explanation:
Study Guide 7.2, page 176.
NEW QUESTION # 64
Refer to the exhibits.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.
After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.
Which two reasons explain why the traffic matched the implicit SD-WAN rule? (Choose two.)
- A. FortiGate did not refresh the routing information on the session after the application was detected.
- B. The session 3-tuple did not match any of the existing entries in the ISDB application cache.
- C. Full SSL inspection is not enabled on the matching firewall policy.
- D. Port1 and port2 do not have a valid route to the destination.
Answer: A,B
Explanation:
Study guide 7.2 Page 191
NEW QUESTION # 65
Which statement is correct about SD-WAN and ADVPN?
- A. SD-WAN can steer traffic to ADVPN shortcuts, established over IPsec overlays, configured as SD-WAN members.
- B. You must use IKEv2 on IPsec tunnels.
- C. Routes for ADVPN shortcuts must be manually configured.
- D. SD-WAN does not monitor the health and performance of ADVPN shortcuts.
Answer: A
NEW QUESTION # 66
In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose
two.)
- A. It provides direct connectivity between spokes by creating shortcuts.
- B. It provides the benefits of a full-mesh topology in a hub-and-spoke network.
- C. It enables spokes to bypass the hub during shortcut negotiation.
- D. It enables spokes to establish shortcuts to third-party gateways.
Answer: A,B
NEW QUESTION # 67
Refer to the exhibit.
The device exchanges routes using IBGP.
Which two statements are correct about the IBGP configuration and routing information on the device?
(Choose two.)
- A. ibgp-multipath is disabled.
- B. additional-path is enabled.
- C. You can run the get router info routing-table database command to display the additional paths.
- D. Each BGP route is three hops away from the destination.
Answer: B,C
NEW QUESTION # 68
Which two interfaces are considered overlay links? (Choose two.)
- A. GRE
- B. Physical
- C. LAG
- D. IPsec
Answer: C
NEW QUESTION # 69
Refer to the exhibit.
Which statement explains the output shown in the exhibit?
- A. FortiGate will not re-evaluate the session following a firewall policy change.
- B. FortiGate performed standard FIB routing on the session.
- C. FortiGate must re-evaluate the session due to routing change.
- D. FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.
Answer: C
Explanation:
The snat-route-change option is enabled by default. This option enables FortiGate to re-evaluate the routing
table and select a new egress interface if the next hop IP address changes. This option only applies to sessions
in the dirty state. Sessions in the log state are not affected by routing changes.
NEW QUESTION # 70
Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.
What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?
- A. You must enable net-device.
- B. You must disable idle-timeout.
- C. You must enable auto-discovery-sender.
- D. You must set ike-version to 1.
Answer: A