당신은 온라인 연습 문제를 통해 Fortinet NSE7_SDW-7.2 시험지식에 대해 자신이 어떻게 알고 있는지 파악한 후 시험 참가 신청 여부를 결정할 수 있다.
시험을 100% 합격하고 시험 준비 시간을 35% 절약하기를 바라며 NSE7_SDW-7.2 덤프 (최신 실제 시험 문제)를 사용 선택하여 현재 최신 70개의 시험 문제와 답을 포함하십시오.
/ 2
Question No : 1
Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.
What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?
정답:
Question No : 2
Refer to the exhibits.
Exhibit A -
Exhibit B -
Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.
The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.
Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?
정답:
Question No : 3
Refer to the exhibit.
The exhibit shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?
정답:
Question No : 4
What is the route-tag setting in an SD-WAN rule used for?
정답:
Question No : 5
Which are two benefits of using CLI templates in FortiManager? (Choose two.)
정답:
Question No : 6
Refer to the exhibits.
Which conclusion about the packet debug flow output is correct?
정답: Explanation:
In a Per-IP shaper configuration, if an IP address exceeds the configured concurrent session limit, the message "Denied by quota check" appears. SD-WAN 7.0 Study Guide page 287
Question No : 7
Which two statements about SD-WAN central management are true? (Choose two.)
정답: Explanation:
Normalized interfaces are not supported for SD-WAN templates. You can create multiple SD-WAN zones and add interface members to the SD-WAN zones. You must bind the interface members by
name to physical interfaces or VPN interfaces. https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-new-features/794804/new-sd-wan-template-fmg
Question No : 8
Refer to the exhibit.
Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)
정답: Explanation:
FortiGate not to flag existing impacted session as dirty by setting firewall-session-dirty to check new.
The results is that FortiGate evaluates only new session against the new firewall policy.
Question No : 9
Refer to the exhibit.
An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)
정답: Explanation:
sdwan_service_id is 0 = match SD-WAN implicit rule, study guide 7.0 page 120, 7.2 page 149 SD-WAN rules internally are interpreted as a Policy route, so when the traffic doesn't match with any policy route, it will be flowing by implict policy.
Question No : 11
Refer to the exhibits.
Exhibit B
Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.
Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?
정답:
Question No : 12
Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?
정답: Explanation:
IKE real-time debug - useful when debugging ADVPN shortcut messages and spoke-to-spoke negotiations.
• diagnose debug console timestamp enable
• diagnose vpn ike log filter clear
• diagnose vpn ike log filter mdst-addr4 <ip.of.hub> <ip.of.spoke>
• diagnose debug application ike -1
• diagnose debug enable
Question No : 13
Refer to the exhibit.
Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?
정답: Explanation:
for using "non ike" routes (for example BGP/static and so on) you must do disable the add-route that
inject automatically kernel route based on p2 selectors from the remote site from the SD-WAN_7.2_Study_Guide page 236
Question No : 14
Refer to the exhibits.
Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)
정답:
Question No : 15
Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)
정답: Explanation:
Pages 85,86 in Study guide 7.0 Pages 100,101 in Study guide 7