Fortinet NSE7_SDW-7.2 Practice Exams
Last updated on Apr 03,2025- Exam Code: NSE7_SDW-7.2
- Exam Name: Fortinet NSE 7 - SD-WAN 7.2
- Certification Provider: Fortinet
- Latest update: Apr 03,2025
Refer to the exhibit.
Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)
- A . London generates an IKE information message that contains the Toronto public IP address.
- B . Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
- C . Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
- D . The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)
- A . http
- B . icmp
- C . twamp
- D . dns
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)
- A . The sdwan_service_id flag in the session information is 0.
- B . All SD-WAN rules have the default setting enabled.
- C . Traffic does not match any of the entries in the policy route table.
- D . Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Which two interfaces are considered overlay links? (Choose two.)
- A . LAG
- B . IPsec
- C . Physical
- D . GRE
What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two.)
- A . Packet duplication can leverage multiple IPsec overlays for sending additional data.
- B . Packet duplication does not require a route to the destination.
- C . Packet duplication supports hardware offloading.
- D . Packet duplication uses smaller parity packets which results in less bandwidth consumption.
Refer to the exhibits.
Exhibit A –
Exhibit B
Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt.
Exhibit B shows the system global and system settings configuration on dc1_fgt.
When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule.
Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?
- A . Enable auxiliary-session under config system settings.
- B . Disable tсp-session-without-syn under config system settings.
- C . Enable snat-route-change under config system global.
- D . Disable allow-subnet-overlap under config system settings.
Refer to the exhibit.
An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
- A . The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
- B . T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
- C . T_INET_0_0 does not have a valid route to the destination.
- D . T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
Refer to the exhibits.
Exhibit A
Exhibit B –
Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.
The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
- A . The traffic will be load balanced across all three overlays.
- B . The traffic will be routed over T_INET_0_0.
- C . The traffic will be routed over T_MPLS_0.
- D . The traffic will be routed over T_INET_1_0.
Refer to the exhibit.
Based on the exhibit, which action does FortiGate take?
- A . FortiGate bounces port5 after it detects all SD-WAN members as dead.
- B . FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
- C . FortiGate brings up port5 after it detects all SD-WAN members as alive.
- D . FortiGate brings down port5 after it detects all SD-WAN members as dead.
Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.
Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)
- A . The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
- B . FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.
- C . FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
- D . Non-TCP Facebook and YouTube traffic are not used for performance measurement.