it is definitely B.. SDWAN study guide 7.2 page 47
Fortinet nse7-sdw-7-2 practice test
fortinet nse 7 - sd-wan 7.2
Question 1
In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.)
- A. It provides the benefits of a full-mesh topology in a hub-and-spoke network.
- B. It enables spokes to establish shortcuts to third-party gateways.
- C. It provides direct connectivity between spokes by creating shortcuts.
- D. It enables spokes to bypass the hub during shortcut negotiation.
Answer:
ac
Discussions
0
/ 1000
Question 2
Refer to the exhibit, which shows output of the command diagnose sys sdwan health-check status collected on a FortiGate device.
Which two statements are correct about the health check status on this FortiGate device? (Choose two.)
- A. The interface T_INET_0 missed three SLA targets.
- B. The interface T_INET_1 missed one SLA target.
- C. There is no SLA criteria configured for the health-check Level3_DNS.
- D. The health-check VPN_PING orders the members according to the measured jitter.
Answer:
bc
Discussions
0
/ 1000
Question 3
Refer to the exhibit.
Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?
- A. type must be set to static.
- B. add-route must be disabled.
- C. mode-cfg must be enabled.
- D. exchange-interface-ip must be enabled.
Answer:
b
Discussions
0
/ 1000
Question 4
Refer to the exhibits.
Exhibit A 
Exhibit B 
Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status.
If port2 is detected dead by FortiGate, what is the expected behavior?
- A. Host 8.3.8.8 is reachable through port1 and port2.
- B. Port2 becomes alive after three successful probes are detected.
- C. The administrator manually restores the static routes for port2, if port2 becomes alive.
- D. FortiGate disables all static routes for port2.
Answer:
d
Discussions
0
/ 1000
Question 5
Which two statements about the SD-WAN zone configuration are true? (Choose two.)
- A. You can use the service-sla-tie-break setting to configure preferred member selection based on the best route to the destination.
- B. The default zone is virtual-wan-link.
- C. You can delete the default zones.
- D. An SD-WAN member can belong to two or more zones.
Answer:
ab
Discussions
0
/ 1000
Question 6
Refer to the exhibits.
Exhibit A 
Exhibit B 
Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate.
Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)
- A. FortiGate continues routing the sessions with no SNAT, over port2.
- B. FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.
- C. FortiGate flags the sessions as dirty.
- D. FortiGate performs a route lookup for the original traffic only.
Answer:
bc
Discussions
0
/ 1000
Question 7
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two.)
- A. It ensures consistent settings between phase1 and phase2.
- B. It guides the administrator to use Fortinet recommended settings.
- C. The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.
- D. It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
Answer:
ab
Discussions
0
/ 1000
Question 8
Which two interfaces are considered overlay links? (Choose two.)
- A. IPsec
- B. LAG
- C. Physical
- D. GRE
Answer:
ad
Discussions
0
/ 1000
Question 9
Refer to the exhibits.
Exhibit A 
Exhibit B 
Exhibit A shows a policy package definition. Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices.
Based on the output shown in the exhibits, what can the administrator do to solve the issue?
- A. Create dynamic mapping for the LAN interface for all devices in the installation target list.
- B. Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.
- C. Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.
- D. Use a metadata variable instead of a dynamic interface to define the firewall policy.
Answer:
a
Discussions
0
/ 1000
Question 10
In which SD-WAN template field can you use a metadata variable?
- A. You can use metadata variables only to define interface members and the gateway IP.
- B. Any field identified with a dollar sign (S) in a magnifying glass.
- C. Any field identified with an "M" in a circle.
- D. All SD-WAN template fields support metadata variables.
Answer:
c
Discussions
0
/ 1000
3 months, 1 week ago
2 months, 3 weeks ago
Any field identified with a dollar sign ($) in a magnifying glass.
Identification of Fields:
In FortiGate SD-WAN templates, specific fields where metadata variables can be used are marked with an icon that looks like a magnifying glass with a dollar sign ($). This visual cue indicates that you can insert dynamic content into that field.
Using the Dollar Sign ($):
When you type the dollar sign ($) in one of these identified fields, it triggers a menu that displays all the available metadata variables. This allows you to select from pre-defined variables that are relevant to your configuration.
Metadata Variables:
Metadata variables are essentially placeholders that can hold different values based on the context in which they are used. For example, you might have a variable for a subnet, and its value could differ depending on which branch office or site the configuration is being applied to.
.....sadad
The response is A & C