Fortinet NSE7_SDW-7.2 Fortinet NSE 7 – SD-WAN 7.2 Online Training
The questions for NSE7_SDW-7.2 were last updated on Nov 17, 2024.
- Exam Code: NSE7_SDW-7.2
- Exam Name: Fortinet NSE 7 - SD-WAN 7.2
- Certification Provider: Fortinet
- Latest update: Nov 17, 2024
Exhibit.
The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device.
Which two statements are correct about the health check status on this FortiGate device? (Choose two.)
- A. The health-check VPN_PING orders the members according to the lowest jitter.
- B. The interface T_INET_1 missed one SLA target.
- C. There is no SLA criteria configured for the health-check Level3_DNS.
- D. The interface T_INET_0 missed three SLA targets.
AC
Explanation:
According to the FortiGate / FortiOS 6.4.2 Administration Guide, the health check status command displays the status of the health check probes for each SD-WAN member interface. The output includes the following information:
- state: the current state of the interface, either alive or dead
- packet-loss: the percentage of packets lost during the health check
- latency: the average round-trip time in milliseconds
- jitter: the variation in latency
- mos: the mean opinion score, a measure of voice quality
- bandwidth: the available bandwidth in kilobits per second for each direction (up, down, bi)
- sla map: a bitmap that indicates which SLA criteria are met or failed
Based on the exhibit, the following statements are correct:
- The health-check VPN_PING orders the members according to the lowest jitter. This means that the interface with the lowest jitter value is listed first, followed by the next lowest, and so on. In the exhibit, the order is T_MPLS, T_INET_1, and T_INET_0.
- There is no SLA criteria configured for the health-check Level3_DNS. This means that the health check does not use any SLA parameters to determine the state of the interface. In the exhibit, the sla map value is 0x0 for both port1 and port2, indicating that no SLA criteria are applied.
Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.
The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
- A. The traffic will be load balanced across all three overlays.
- B. The traffic will be routed over T_INET_0_0.
- C. The traffic will be routed over T_MPLS_0.
- D. The traffic will be routed over T_INET_1_0.
Exhibit.
The exhibit shows VPN event logs on FortiGate.
In the output shown in the exhibit, which statement is true?
- A. There are no IPsec tunnel statistics log messages for ADVPN cuts.
- B. There is one shortcut tunnel built from master tunnel T_MPLS_0.
- C. The VPN tunnel T_MPLS_0 is a shortcut tunnel.
- D. The master tunnel T_INET_0 cannot accept the ADVPN shortcut.
B
Explanation:
VPN event logs record the status of VPN tunnels, such as the establishment, termination, or failure of a tunnel.
The output includes the following information:
- logid: the log ID number
- type: the log type, either traffic or event
- subtype: the log subtype, either vpn or ipsec
- level: the log level, either error, warning, or notice
- vd: the virtual domain name
- logdesc: the log description
- msg: the log message
- action: the log action, such as tunnel-up, tunnel-down, or tunnel-stats
- remip: the remote IP address
- locip: the local IP address
- remport: the remote port number
- locport: the local port number
- outintf: the outgoing interface name
- cookies: the IKE SA cookies
- user: the user name
- group: the user group name
- useralt: the alternative user name
- xauthuser: the XAuth user name
- authgroup: the XAuth user group name
- assignip: the assigned IP address
- vpntunnel: the VPN tunnel name
- tunnellip: the tunnel loopback IP address
- tunnelid: the tunnel ID number
- tunneltype: the tunnel type, either ipsec or ssl
- duration: the tunnel duration in seconds
- sentbyte: the number of bytes sent
- rcvdbyte: the number of bytes received
- nextstat: the next statistics interval in seconds
- advpnsc: the ADVPN shortcut flag, either 0 or 1
Based on the exhibit, the following statement is true:
There is one shortcut tunnel built from master tunnel T_MPLS_0. This means that the VPN tunnel T_MPLS_0 is a master tunnel that can send ADVPN shortcut offers to other spokes, and the VPN tunnel T_MPLS_0_0 is a shortcut tunnel that is built from the master tunnel T_MPLS_0. In the exhibit, the log action for T_MPLS_0 is tunnel-up, and the log action for T_MPLS_0_0 is shortcut-up. The advpnsc flag for T_MPLS_0 is 0, indicating that it is not a shortcut tunnel, while the advpnsc flag for T_MPLS_0_0 is 1, indicating that it is a shortcut tunnel.
Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.
Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)
- A. FortiGate flags the sessions as dirty.
- B. FortiGate continues routing the sessions with no SNAT, over port2.
- C. FortiGate performs a route lookup for the original traffic only.
- D. FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.
What is the route-tag setting in an SD-WAN rule used for?
- A. To indicate the routes for health check probes.
- B. To indicate the destination of a rule based on learned BGP prefixes.
- C. To indicate the routes that can be used for routing SD-WAN traffic.
- D. To indicate the members that can be used to route SD-WAN traffic.
Refer to the exhibit.
Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)
- A. London generates an IKE information message that contains the Toronto public IP address.
- B. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
- C. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
- D. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
Refer to the exhibit.
An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
- A. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
- B. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
- C. T_INET_0_0 does not have a valid route to the destination.
- D. T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
Refer to the exhibit.
Which statement about the role of the ADVPN device in handling traffic is true?
- A. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.
- B. Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.
- C. This is a hub that has received a query from a spoke and has forwarded it to another spoke.
- D. Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.
The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks.
What are three mandatory post-run tasks that must be performed? (Choose three.)
- A. Create policy packages for branch devices.
- B. Assign an sdwan_id metadata variable to each device (branch and hub).
- C. Configure routing through overlay tunnels created by the SD-WAN overlay template.
- D. Assign a branch_id metadata variable to each branch device.
- E. Configure SD-WAN rules.
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?
- A. diagnose sys sdwan sla-log
- B. diagnose sys sdwan health-check
- C. diagnose sys sdwan intf-sla-log
- D. diagnose sys sdwan log