New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

NSE7_SDW-7.2 Exam Dumps - Fortinet NSE 7 - SD-WAN 7.2

Go to page:
Question # 17

Which two statements describe how IPsec phase 1 main mode id different from aggressive mode when performing IKE negotiation? (Choose two.)

A.

A peer ID is included in the first packet from the initiator, along with suggested security policies.

B.

XAuth is enabled as an additional level of authentication, which requires a username and password.

C.

Three packets are exchanged between an initiator and a responder instead of six packets.

D.

The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Full Access
Question # 18

Refer to the exhibits.

Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on FortiGate acting as the sender. Exhibit B shows the sniffer output on a FortiGate acting as the receiver.

The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1_0.

Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two.)

A.

On the receiver FortiGate, packet-de-duplication is enabled.

B.

The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way.

C.

The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU.

D.

On the sender FortiGate, duplication-max-num is set to 3.

Full Access
Question # 19

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two.)

A.

It ensures consistent settings between phase1 and phase2.

B.

It guides the administrator to use Fortinet recommended settings.

C.

It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

D.

The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

Full Access
Question # 20

The administrator uses the FortiManager SD-WAN overlay template to prepare an SD-WAN deployment. With information provided through the SD-WAN overlay template wizard, FortiManager creates templates ready to install on spoke and hub devices.

Select three templates created by the SD-WAN overlay template for a spoke device. (Choose three.)

A.

System template

B.

BGP template

C.

IPsec tunnel template

D.

CLI template

E.

Overlay template

Full Access
Question # 21

Refer to the exhibits.

Exhibit A shows two IPsec templates to define Branch_IPsec_1 and Branch_IPsec_2. Each template defines a VPN tunnel.

Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device.

Which statement best explain the cause for this issue?

A.

You can assign only one template with a tunnel of fype static to each FortiGate device

B.

You can define only one IPsec tunnel from branch devices to HUB1.

C.

You can assign only one IPsec template to each FortiGate device.

D.

You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.

Full Access
Question # 22

Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two )

A.

A peer ID is included in the first packet from the initiator, along with suggested security policies.

B.

XAuth is enabled as an additional level of authentication, which requires a username and password.

C.

A total of six packets are exchanged between an initiator and a responder instead of three packets.

D.

The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.

Full Access
Question # 23

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)

A.

FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

B.

By default, local-out traffic does not use SD-WAN.

C.

By default, FortiGate does not check if the selected member has a valid route to the destination.

D.

You must configure each local-out feature individually, to use SD-WAN.

Full Access
Question # 24

What are two common use cases for remote internet access (RIA)? (Choose two.)

A.

Provide direct internet access on spokes

B.

Provide internet access through the hub

C.

Centralize security inspection on the hub

D.

Provide thorough inspection on spokes

Full Access
Go to page: