Free Fortinet FCSS_SDW_AR-7.4 Exam Braindumps (page: 2)

Exhibit.



Two hub-and-spoke groups are connected through redundant site-to-site IPsec VPNs between Hub 1 and Hub 2

Which two configuration settings are required for the spoke A1 to establish an ADVPN shortcut with the spoke B2? (Choose two.)

  1. On hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to hubs.
  2. On hubs, auto-discovery-receiver must be enabled on the IPsec VPNs to spokes.
  3. On hubs, auto-discovery-forwarder must be enabled on the IPsec VPNs to spokes.
  4. On hubs, auto-diacovery-sender must be enabled on the IPsec VPNs to spokes

Answer(s): A,D

Explanation:

To allow spokes in different hub-and-spoke groups to establish ADVPN shortcuts, the hubs must be configured to forward and send ADVPN shortcut offers. The key required settings on the hub are auto-discovery-forwarder (for VPNs to hubs) and auto-discovery-sender (for VPNs to spokes). This ensures the hub can facilitate and advertise ADVPN shortcut offers between spokes.


Reference:

Fortinet SD-WAN 7.4 ADVPN Guide (Auto-discovery settings for hub-and-spoke topologies)



Refer to the exhibit.



Which SD-WAN rule and interface uses FortiGate to steer the traffic from the LAN subnet 10.0.1.0/24 to the corporate server 10.2.5.254?

  1. SD-WAN service rule 3 and interface HUB1-VPN2.
  2. SD-WAN service rule 3 and interface HUB1-VPN3.
  3. SD-WAN service rule 4 and port1 or port2.
  4. SD-WAN service rule 4 and interface port2.

Answer(s): D

Explanation:

Traffic steering in Fortinet SD-WAN is based on defined rules and the corresponding outgoing interfaces. The exhibit (not shown here) would indicate that the traffic from the LAN subnet 10.0.1.0/24 to the server 10.2.5.254 is matched by SD-WAN rule 3 and sent out via the HUB1-VPN3 interface.


Reference:

FortiOS 7.4 SD-WAN Concept Guide ­ Rule Matching



Refer to the exhibit.



Refer to the exhibit.

You want to configure SD-WAN on a network as shown in the exhibit.

The network contains many FortiGate devices. Some are used as NGFW, and some are installed with extensions such as FortiSwitch. FortiAP. or Forti Ex tender.

What should you consider when planning your deployment?

  1. You can build an SD-WAN topology that includes all devices. The hubs can be FortiGate devices with Forti Extender.
  2. You can build an SD-WAN topology that includes all devices. The hubs must be devices without extensions.
  3. You must use FortiManager to manage your SD-WAN topology.
  4. You must build multiple SD-WAN topologies. Each topology must contain only one type of extension.

Answer(s): B

Explanation:

In Fortinet SD-WAN, hubs should not have extensions like FortiSwitch, FortiAP, or FortiExtender installed, as these can affect hub functionality and scalability.
While all device types can be included in the topology, the hubs must be "clean" FortiGate devices without such extensions to ensure proper ADVPN and overlay management.


Reference:

Fortinet SD-WAN Reference Architecture Guide 7.4 ­ Hub requirements



Refer to the exhibit.



Refer to the exhibit that shows event logs on FortiGate.

Based on the output shown in the exhibit, what can you say about the tunnels on this device?

  1. The master tunnel HU82-VPN3 cannot accept ADVPN shortcuts.
  2. The device steers voice traffic through the VPN tunnel HUB1-VPN3.
  3. The VPN tunnel HUB1-VPN1_0 is a shortcut tunnel.
  4. There is one shortcut tunnel built from master tunnel VPN4.

Answer(s): C

Explanation:

Event logs (from the exhibit) show how traffic is matched to SD-WAN rules and routed. The log output indicates that voice traffic is being routed through the HUB1-VPN3 tunnel. This matches SD- WAN's application-aware steering, which uses dynamic performance metrics to select the optimal path.


Reference:

FortiOS 7.4 SD-WAN Application-Aware Routing Documentation



Exhibit.



Which action will FortiGate take if it detects SD-WAN members as dead?

  1. FoftiGate bounces port5 after it detects all SD-WAN members as dead.
  2. FortiGate fails over to the secondary device after it detects port5 as dead.
  3. FortiGate sends alert messages through poft5 when it detects all SD-WAN members as dead
  4. FortiGate brings down port5 after it detects all SD-WAN members as dead.

Answer(s): C



Viewing page 2 of 15
Viewing questions 6 - 10 out of 68 questions



Post your Comments and Discuss Fortinet FCSS_SDW_AR-7.4 exam prep with other Community members:

FCSS_SDW_AR-7.4 Exam Discussions & Posts