2024 Verified NSE7_SDW-7.0 dumps Q&As on your NSE 7 Network Security Architect Exam Questions Certain Success!
NEW QUESTION # 41
Refer to the exhibits.
Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.
Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)
- A. FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
- B. Non-TCP Facebook and YouTube traffic is not used for performance measurement.
- C. The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
- D. FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.
Answer: B,C
Explanation:
Study Guide 7.0, pages 88 - 89.
Study Guide 7.2, pages 103 - 104.
Another comment said "because without using application Control on the firewall policy, SDWAN can't work" but there is an app control "default" defined on config.
NEW QUESTION # 42
Refer to the exhibit.
In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs?
- A. It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.
- B. It instructs the hub to skip content inspection on TCP traffic, to improve performance.
- C. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.
- D. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.
Answer: C
NEW QUESTION # 43
Refer to the exhibits.
Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.
The administrator wants FortiGate to limit the bandwidth used by YouTube. When testing, the administrator determines that FortiGate does not apply traffic shaping on YouTube traffic.
Based on the policies shown in the exhibits, what configuration change must be made so FortiGate performs traffic shaping on YouTube traffic?
- A. Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.
- B. Application control must be enabled on the firewall policy.
- C. Web filtering must be enabled on the firewall policy.
- D. Destination internet service must be enabled on the traffic shaping policy.
Answer: B
NEW QUESTION # 44
Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?
- A. auto-discovery-shortcuts
- B. link-down-failover
- C. idle-timeout
- D. hold-down-time
Answer: D
NEW QUESTION # 45
Refer to the exhibits.

Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)
- A. Dead peer detection is disabled.
- B. FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.
- C. The phase 1 configuration supports the network-overlay setting.
- D. FortiGate does not install IPsec static routes for remote protected networks in the routing table.
Answer: C,D
NEW QUESTION # 46
Refer to the exhibit.
The device exchanges routes using IBGP.
Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)
- A. additional-path is enabled.
- B. You can run the get router info routing-table database command to display the additional paths.
- C. ibgp-multipath is disabled.
- D. Each BGP route is three hops away from the destination.
Answer: A,B
NEW QUESTION # 47
Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?
- A. Per-IP shaping mode
- B. Shared-policy shaping mode
- C. Interface-based shaping mode
- D. Reverse-policy shaping mode
Answer: C
Explanation:
Interface-based shaping goes further, enabling traffic controls based on percentage of the interface bandwidth.
NEW QUESTION # 48
Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?
- A. diagnose sys sdwan zone
- B. diagnose sys sdwan service
- C. diagnose sys sdwan member
- D. diagnose sys sdwan interface
Answer: A
NEW QUESTION # 49
Refer to the exhibit.
Based on the output, which two conclusions are true? (Choose two.)
- A. The SD-WAN rules take precedence over regular policy routes.
- B. The all_rules rule represents the implicit SD-WAN rule.
- C. There is more than one SD-WAN rule configured.
- D. Entry 1(id=1) is a regular policy route.
Answer: C,D
NEW QUESTION # 50
Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.
What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?
- A. You must set ike-version to 1.
- B. You must disable idle-timeout.
- C. You must enable net-device.
- D. You must enable auto-discovery-sender.
Answer: C
NEW QUESTION # 51
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?
- A. diagnose sys sdwan health-check
- B. diagnose sys sdwan log
- C. diagnose sys sdwan intf-sla-log
- D. diagnose sys sdwan sla-log
Answer: D
Explanation:
SD-WAN 7.2 Study Guide, page 321: You can view the stored member metrics by running the diagnose sys sdwan sla-log command. Note that you must include the name of the performance SLA followed by the member configuration index number. To display the SLA logs per interface, you run the diagnose sys sdwan intf-sla-log command.
NEW QUESTION # 52
In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two.)
- A. An absolute SD-WAN rule was defined and matched traffic.
- B. The FIB lookup resolved interface was the SD-WAN interface.
- C. Matched traffic failed RPF and was caught by the rule.
- D. Traffic has matched none of the FortiGate policy routes.
Answer: B,D
NEW QUESTION # 53
What are two reasons why FortiGate would be unable to complete the zero-touch provisioning process? (Choose two.)
- A. FortiGate has obtained a configuration from the platform template in FortiGate cloud.
- B. FortiDeploy has connected with FortiGate and provided the initial configuration to contact FortiManager.
- C. The FortiGate cloud key has not been added to the FortiGate cloud portal.
- D. A factory reset was performed on FortiGate.
- E. The zero-touch provisioning process has completed internally, behind FortiGate.
Answer: C,E
NEW QUESTION # 54
Refer to the exhibit.
Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?
- A. Changes have been made on firewall policy ID 1 on FortiGate.
- B. FortiGate has terminated the session after a change on policy ID 1.
- C. The type of traffic defined and allowed on firewall policy ID 1 is UDP.
- D. Firewall policy ID 1 has source NAT disabled.
Answer: A
NEW QUESTION # 55
Refer to the exhibit.
An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
- A. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
- B. T_INET_0_0 does not have a valid route to the destination.
- C. T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
- D. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
Answer: A,B
NEW QUESTION # 56