This page was exported from Exams Labs Braindumps [ http://blog.examslabs.com ]
Export date: Thu Nov 21 20:54:18 2024 / +0000 GMT

Title: [Jul-2024] Use Real NSE7_SDW-7.2 Dumps Free Sample Questions and Practice Test Engine [Q22-Q38]

Pass Fortinet NSE7_SDW-7.2 exam - questions - convert Test Engine to PDF

NO.22 Refer to the exhibits.
Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.
Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)
- The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
- FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.
- FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
- Non-TCP Facebook and YouTube traffic are not used for performance measurement.
Study Guide 7.2, pages 103 – 104. Another comment said “because without using application Control on the firewall policy, SDWAN can’t work” but there is an app control “default” defined on config.

NO.23 Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two.)
- A peer ID is included in the first packet from the initiator, along with suggested security policies.
- XAuth is enabled as an additional level of authentication, which requires a username and password.
- A total of six packets are exchanged between an initiator and a responder instead of three packets.
- The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

NO.24 Refer to the exhibit.
Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.)
- After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.
- During passive monitoring, FortiGate can’t detect dead members.
- FortiGate can offload the traffic that is subject to passive monitoring to hardware.
- FortiGate passively monitors the member if TCP traffic is passing through the member.

NO.25 Refer to the exhibits.
Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10.
Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.
The administrator wants to steer corporate traffic using route tags in the SD-WAN rule ID 1.
However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.
Based on the exhibits, which configuration change is required to fix the issue?
- In the dcl-lab-rm route map configuration, set set-route-tag to 10.
- In SD-WAN rule ID 1, change the destination to use ISDB entries.
- In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.
- In the dcl-lab-rm route map configuration, unset match-community.

NO.26 Refer to the exhibit.
Based on the exhibit, which action does FortiGate take?
- FortiGate bounces port5 after it detects all SD-WAN members as dead.
- FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
- FortiGate brings up port5 after it detects all SD-WAN members as alive.
- FortiGate brings down port5 after it detects all SD-WAN members as dead.

NO.27 Refer to the exhibit.
The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology.
The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths.
However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.
Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths? (Choose three.)
- Set additional-path to send
- Enable route-reflector-client
- Set advertisement-interval to the number of additional paths to advertise
- Set adv-additional-path to the number of additional paths to advertise
- Enable soft-reconfiguration

NO.28 Which are three key routing principles in SD-WAN? (Choose three.)
- FortiGate performs route lookups for new sessions only.
- Regular policy routes have precedence over SD-WAN rules.
- SD-WAN rules have precedence over ISDB routes.
- By default, SD-WAN members are skipped if they do not have a valid route to the destination.
- By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
Explanation: Study Guide 7.2, pages 125, 129, 151

NO.29 Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)
- FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.
- By default, local-out traffic does not use SD-WAN.
- By default, FortiGate does not check if the selected member has a valid route to the destination.
- You must configure each local-out feature individually, to use SD-WAN.

NO.30 Refer to the exhibit.
Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
- All traffic from a source IP to a destination IP is sent to the same interface.
- All traffic from a source IP is sent to the same interface.
- All traffic from a source IP is sent to the most used interface.
- All traffic from a source IP to a destination IP is sent to the least used interface.
Explanation: Study Guide 7.2, page 176.

NO.31 Refer to the exhibit.
FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
- Specify a unique peer ID for each dial-up VPN interface.
- Use different proposals between the interfaces.
- Configure the IKE mode to be aggressive mode.
- Use unique Diffie Hellman groups on each VPN interface.

NO.32 Refer to the exhibit.
Which conclusion about the packet debug flow output is correct?
- The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped.
- The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.
- The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped.
- The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

NO.33 Refer to the exhibit.
Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.)
- FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change.
- FortiGate performs routing lookups for new sessions only, after a route change.
- FortiGate always blocks all traffic, after a route change.
- FortiGate flushes all routing information from the session table, after a route change.

NO.34 Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)
- The traffic shaper drops packets if the bandwidth is less than 2500 KBps.
- The measured bandwidth is less than 100 KBps.
- The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.
- The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

NO.35 Refer to the exhibit.
The exhibit shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?
- When all three members have the same packet loss.
- When T_INET_0_0 has 4% packet loss.
- When T_INET_0_0 has 12% packet loss.
- When T_INET_1_0 has 4% packet loss.

NO.36 Refer to the exhibit.
Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two.)
- Cost
- Interface member
- Priority
- Gateway IP

NO.37 Refer to the exhibit.
Based on the output, which two conclusions are true? (Choose two.)
- There is more than one SD-WAN rule configured.
- The SD-WAN rules take precedence over regular policy routes.
- The all_rules rule represents the implicit SD-WAN rule.
- Entry 1(id=1) is a regular policy route.

NO.38 Exhibit.
The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?
- There are no IPsec tunnel statistics log messages for ADVPN cuts.
- There is one shortcut tunnel built from master tunnel T_MPLS_0.
- The VPN tunnel T_MPLS_0 is a shortcut tunnel.
- The master tunnel T_INET_0 cannot accept the ADVPN shortcut.

VPN event logs record the status of VPN tunnels, such as the establishment, termination, or failure of a tunnel.
The output includes the following information:
- logid: the log ID number
- type: the log type, either traffic or event
- subtype: the log subtype, either vpn or ipsec
- level: the log level, either error, warning, or notice
- vd: the virtual domain name
- logdesc: the log description
- msg: the log message
- action: the log action, such as tunnel-up, tunnel-down, or tunnel-stats
- remip: the remote IP address
- locip: the local IP address
- remport: the remote port number
- locport: the local port number
- outintf: the outgoing interface name
- cookies: the IKE SA cookies
- user: the user name
- group: the user group name
- useralt: the alternative user name
- xauthuser: the XAuth user name
- authgroup: the XAuth user group name
- assignip: the assigned IP address
- vpntunnel: the VPN tunnel name
- tunnellip: the tunnel loopback IP address
- tunnelid: the tunnel ID number
- tunneltype: the tunnel type, either ipsec or ssl
- duration: the tunnel duration in seconds
- sentbyte: the number of bytes sent
- rcvdbyte: the number of bytes received
- nextstat: the next statistics interval in seconds
- advpnsc: the ADVPN shortcut flag, either 0 or 1

Based on the exhibit, the following statement is true: There is one shortcut tunnel built from master tunnel T_MPLS_0. This means that the VPN tunnel T_MPLS_0 is a master tunnel that can send ADVPN shortcut offers to other spokes, and the VPN tunnel T_MPLS_0_0 is a shortcut tunnel that is built from the master tunnel T_MPLS_0. In the exhibit, the log action for T_MPLS_0 is tunnel-up, and the log action for T_MPLS_0_0 is shortcut-up. The advpnsc flag for T_MPLS_0 is 0, indicating that it is not a shortcut tunnel, while the advpnsc flag for T_MPLS_0_0 is 1, indicating that it is a shortcut tunnel.

Post date: 2024-07-01 10:45:50
Post date GMT: 2024-07-01 10:45:50
Post modified date: 2024-07-01 10:45:50
Post modified date GMT: 2024-07-01 10:45:50