Fortinet NSE7_SDW-6.4 Fortinet NSE 7 – SD-WAN 6.4 Online Training
Fortinet NSE7_SDW-6.4 Online Training
The questions for NSE7_SDW-6.4 were last updated at Jan 03,2025.
- Exam Code: NSE7_SDW-6.4
- Exam Name: Fortinet NSE 7 - SD-WAN 6.4
- Certification Provider: Fortinet
- Latest update: Jan 03,2025
In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two)
- A . Traffic has matched none of the FortiGate policy routes.
- B . Matched traffic failed RPF and was caught by the rule.
- C . The FIB lookup resolved interface was the SD-WAN interface.
- D . An absolute SD-WAN rule was defined and matched traffic.
Refer to the exhibits.
Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member and the static routes configuration.
If port2 is detected dead by FortiGate, which expected behavior is correct?
- A . Port2 becomes alive after one successful probe is detected.
- B . The SD-WAN interface becomes disabled and port1 becomes the WAN interface.
- C . Dead members require manual administrator access to bring them back alive.
- D . Subnets 10.0.20.0/23 and 172.20.0.0/16 are reachable only through port1.
Refer to exhibits.
Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members.
Based on the exhibits, which statement is correct?
- A . The dead member interface stays unavailable until an administrator manually brings the interface back.
- B . Port2 needs to wait 500 milliseconds to change the status from alive to dead.
- C . Static routes using port2 are active in the routing table.
- D . FortiGate has not received three consecutive requests from the SLA server configured for port2.
Which three performance SLA protocols are available on the FortiGate CLI only? (Choose three.)
- A . tcp-echo
- B . icmp
- C . twamp
- D . udp-echo
- E . smtp
A,C,D
Explanation:
Command output from a fortigate:
FW-01 (test-health-check) # set protocol ping Use PING to test the link with the server.
tcp-echo Use TCP echo to test the link with the server.
udp-echo Use UDP echo to test the link with the server.
http Use HTTP-GET to test the link with the server.
twamp Use TWAMP to test the link with the server.
dns Use DNS query to test the link with the server.
tcp-connect Use a full TCP connection to test the link with the server.
ftp Use FTP to test the link with the server.
Refer to the exhibit.
Based on output shown in the exhibit, which two commands can be used by SD-WAN rules? (Choose two.)
- A . set cost 15.
- B . set source 100.64.1.1.
- C . set priority 10.
- D . set load-balance-mode source-ip-based.
Refer to the exhibit.
Which statement about the trace evaluation by FortiGate is true?
- A . Packets exceeding the configured maximum concurrent connection limit are denied by the per-IP shaper.
- B . The packet exceeded the configured bandwidth and was dropped based on the priority configuration.
- C . The packet exceeded the configured maximum bandwidth and was dropped by the shared shaper.
- D . Packets exceeding the configured concurrent connection limit are dropped based on the
priority
configuration.
A
Explanation:
SD-WAN 6.4.5 Study Guide. pg 137
Which three protocols are available only on the command line to configure as performance SLA status check? (Choose three.)
- A . smtp
- B . tcp-echo
- C . twamp
- D . udp-echo
- E . icmp
Refer to the exhibit.
Which two statements about the status of the VPN tunnel are true? (Choose two)
- A . There are separate virtual interfaces for each dial-up client.
- B . VPN static routes are prevented from populating the FortiGate routing table.
- C . FortiGate created a single IPsec virtual interface that is shared by all clients.
- D . 100.64.3.1 is one of the remote IP address that comes through index interface 1.
C,D
Explanation:
If net-device is disabled, FortiGate creates a single IPSEC virtual interface that is shared by all IPSEC clients connecting to the same dialup VPN. In this case, the tunnel-search setting determines how FortiGate learns the network behind each remote client.
What is the purpose of a predefined template on the FortiAnalyzer?
- A . It can be edited and modified as required
- B . It specifies the report layout which contains predefined texts, charts, and macros
- C . It specifies report settings which contains time period, device selection, and schedule
- D . It contains predefined data to generate mock reports
B
Explanation:
FortiAnalyzer 6.4 Study Guide page 197
Which feature enables SD-WAN to combine IPsec VPN dynamic shortcut tunnels between spokes and a static tunnel to the hub?
- A . ADVPN
- B . GRE
- C . SSLVPN
- D . OCVPN
Latest NSE7_SDW-6.4 Dumps Valid Version with 35 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
