Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_SDW-7.2

Free Fortinet NSE7_SDW-7.2 Exam Braindumps (page: 4)

Page 4 of 26
PDF with 99 Questions

Refer to the exhibit.



Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

  1. FortiGate does not install IPsec static routes for remote protected networks in the routing table.
  2. The phase 1 configuration supports the network-overlay setting.
  3. FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.
  4. Dead peer detection is disabled.

Answer(s): A,B



Refer to the exhibits.





Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10.

Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.

The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID 1.

However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.

Based on the exhibits, which configuration change is required to fix issue?

  1. In the dc1-lan-rm route map configuration, set set-route-tag to 10.
  2. In SD-WAN rule ID 1, change the destination to use ISDB entries.
  3. In the dc1-lan-rm route map configuration, unset match-community.
  4. In the BGP neighbor configuration, apply the route map dc1-lan-rm in the outbound direction.

Answer(s): A



What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

  1. VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.
  2. FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
  3. IPsec recommended template guides the administrator to use Fortinet recommended settings.
  4. IPsec recommended template ensures consistent settings between phase1 and phase2

Answer(s): B,C

Explanation:

According to the SD-WAN 7.2 Study Guide, IPsec recommended templates are designed to simplify the configuration of IPsec tunnels in a hub-and-spoke topology. They have the following advantages:

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM. This reduces the manual effort and ensures that all spokes have the same configuration.

IPsec recommended template guides the administrator to use Fortinet recommended settings, such as encryption algorithms, key lifetimes, and dead peer detection. This ensures optimal performance and security of the IPsec tunnels.



Refer to the exhibit.



An administrator used the SD-WAN overlay template to prepare an IPsec configuration for a hub-and- spoke SD-WAN topology. The exhibit shows the installation preview for one FortiGate device. In the exhibit, which statement best describes the configuration applied to the FortiGate device?

  1. It is a hub device. It can send ADVPN shortcut offers.
  2. It is a spoke device that establishes dynamic IPsec tunnels to the hub. The subnet range is 10.10.128.0/23.
  3. It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.
  4. It is a hub device and will automatically discover the spoke devices that are in the SD-WAN topology.

Answer(s): A






Post your Comments and Discuss Fortinet NSE7_SDW-7.2 exam prep with other Community members:

NSE7_SDW-7.2 Exam Discussions & Posts