Practice Free NSE6_SDW_AD-7.6 Exam Online Questions
Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?
- A . diagnose sys sdwan zone
- B . diagnose sys sdwan service
- C . diagnose sys sdwan member
- D . diagnose sys sdwan interface
What is the first step in troubleshooting an SD-WAN issue?
- A . Reboot the device
- B . Check network connectivity
- C . Check for software updates
- D . Check the device logs
You want FortiGate to use SD-WAN rules to steer ping local-out traffic.
Which two constraints should you consider? Choose two answers.
- A . You can steer local-out traffic only with SD-WAN rules that use the manual strategy.
- B . By default, FortiGate uses SD-WAN rules only for local-out traffic that corresponds to ping and traceroute.
- C . By default, local-out traffic does not use SD-WAN.
- D . You must configure each local-out feature individually to use SD-WAN.
Refer to the exhibits.
You collected the output shown in the exhibits and want to know which interface HTTP traffic will flow through from the user device 10.0.1.101 to the corporate web server 10.0.0.126. All SD-WAN links are stable.
Which interface will FortiGate use to steer the traffic? Choose one answer.
- A . Only HUB1-VPN3
- B . Only HUB1-VPN2
- C . Either HUB1-VPN2 or HUB1-VPN3
- D . Either HUB1-VPN1, HUB1-VPN2, or HUB1-VPN3
Refer to the exhibits.
You use FortiManager to manage the branch devices and configure the SD-WAN template. You have configured direct internet access (DIA) for the IT department users. Now. you must configure secure internet access (SIA) for all local LAN users and have set the firewall policies as shown in the second exhibit.
Then, when you use the install wizard to install the configuration and the policy package on the branch devices, FortiManager reports an error as shown in the third exhibit.
Which statement describes why FortiManager could not install the configuration on the branches?
- A . You must direct SIA traffic to a VPN tunnel.
- B . You cannot install firewall policies that reference an SD-WAN zone.
- C . You cannot install firewall policies that reference an SD-WAN member.
- D . You cannot install SIA and DIA rules on the same device.
Refer to the exhibits.
An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in the first exhibit. After generating GoToMeeting test traffic, the administrator examined the corresponding traffic log on FortiAnalyzer, which is shown in the second exhibit.
The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.
Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two.)
- A . Full SSL inspection is not enabled on the matching firewall policy.
- B . The session 3-tuple did not match any of the existing entries in the ISDB application cache.
- C . FortiGate could not refresh the routing information on the session after the application was detected.
- D . No configured SD-WAN rule matches the traffic related to the collaboration application GoToMeeting
Which diagnostic command can you use to show interface-specific SLA logs for the last 10 minutes?
- A . diagnose sys virtual-wan-link health-check
- B . diagnose sys virtual-wan-link log
- C . diagnose sys virtual-wan-link sla-log
- D . diagnose sys virtual-wan-link intf-sla-log
Refer to the exhibit.
An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
- A . The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
- B . T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
- C . T_INET_0_0 does not have a valid route to the destination.
- D . T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
What is the main benefit of using a hub-and-spoke IPsec topology for SD-WAN and ADVPN instead of a full-mesh topology?
- A . Simplified configuration and management
- B . Improved security
- C . Increased application performance
- D . Better network connectivity
Refer to exhibits.
Exhibit A shows the performance SLA exhibit B shows the SD-WAN diagnostics output.
Based on the exhibits, which statement is correct?
- A . Port1 became dead because no traffic was offload through the egress of port1.
- B . SD-WAN member interfaces are affected by the SLA state of the inactive interface.
- C . Both SD-WAN member interfaces have used separate SLA targets.
- D . The SLA state of port1 is dead after five unanswered requests by the SLA servers.