Fortinet NSE7_SDW-7.0 Exam Practice Questions (P. 1)
- Full Access (62 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?
- Adiagnose sys sdwan intf-sla-logMost Voted
- Bdiagnose sys sdwan health-check
- Cdiagnose sys sdwan log
- Ddiagnose sys sdwan sla-log
Correct Answer:
D
D

The correct command for showing member utilization statistics as measured by performance SLAs over the last 10 minutes is 'diagnose sys sdwan sla-log'. This command focuses specifically on performance SLAs rather than overall health checks or broader system logs. It's important not to confuse this with related commands that might appear similar but serve different aspects of system diagnostics within SD-WAN environments. Keep an eye on the context of the statistics being gathered when selecting the appropriate diagnostic command.
send
light_mode
delete
Question #2
Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)
- AEncapsulating Security Payload (ESP)Most Voted
- BSecure Shell (SSH)
- CInternet Key Exchange (IKE)Most Voted
- DSecurity Association (SA)
Correct Answer:
AC
AC

For the IPsec suite, both IKE and ESP are fundamental. IKE is crucial because it's used in the establishment of the security associations and key management, essential in phase 1 of IPsec. ESP, on the other hand, is integral for providing confidentiality, authenticity, and integrity of the data packets in phase 2. It's important to focus on these protocols to ensure robust VPN setups compliant with security standards.
send
light_mode
delete
Question #3
Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)
- Aupdate-source
- Bset-route-tag
- Choldtime-timerMost Voted
- Dlink-down-failoverMost Voted
Correct Answer:
CD
CD

Adjusting the 'holdtime-timer' and enabling 'link-down-failover' are crucial for accelerating the routing convergence in BGP. The former tweaks the time BGP waits before declaring a non-responsive neighbor down, thereby speeding up reconvergence, while the latter quickly reroutes traffic if a link fails, minimizing downtime and maintaining network resilience. Both these settings are foundational for ensuring quick adaptation to network changes, leading to a more reliable BGP operation.
send
light_mode
delete
Question #4
Refer to the exhibits.
Exhibit A -

Exhibit B -

Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.
The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
Exhibit A -

Exhibit B -

Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.
The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
- AThe traffic will be load balanced across all three overlays.
- BThe traffic will be routed over T_INET_0_0.
- CThe traffic will be routed over T_MPLS_0.
- DThe traffic will be routed over T_INET_1_0.Most Voted
Correct Answer:
C
C
send
light_mode
delete
Question #5
Refer to the exhibit.

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)
- ALondon generates an IKE information message that contains the Toronto public IP address.
- BTraffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.Most Voted
- CToronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
- DThe first packets from Toronto to London are routed through Hub 1 then to Hub 2.Most Voted
Correct Answer:
BD
BD
send
light_mode
delete
All Pages