Practice Free NSE6_SDW_AD-7.6 Exam Online Questions
Refer to the exhibits.
The exhibits show an SD-WAN event log, the member status, and the SD-WAN rule configuration.
Which two conclusions can you draw from the information shown? (Choose two.)
- A . The administrator configured the service ID 1 with the highest priority member for port2.
- B . Port2 has a lower latency than port1.
- C . FortiGate updated the outgoing interface list on the rule so it prefers port2.
- D . The administrator configured the SD-WAN rule ID 1 with the default strategy mode.
B, C
Explanation:
The SD-WAN rule (config service edit 1) is configured with set mode priority. This means the rule selects the best interface based on a defined performance metric, as opposed to a simple static priority or SLA. The event log (image_41cfb5.png) shows Metric latency and Message Service prioritized by performance metric will be redirected in sequence order. This indicates that the rule is using latency to determine the preferred member. Given that the log message is about a change, and the most logical reason for a change in a priority mode is that a different member is now the best performer, it implies that the latency on port2 has become lower than that on port1.
The log message Service prioritized by performance metric will be redirected in sequence order confirms that FortiGate is changing the member being used for this service. Because the mode is priority, FortiGate dynamically selects the member that currently meets the best performance criteria, which in this case is latency. The log implies a new member has been selected as the most optimal, and with the default configuration, the members are sorted based on their performance, so the outgoing interface list is effectively updated to prefer the new best-performing member (port2).
Refer to the exhibit.
The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator
wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths
Which three settings must the administrator configure inside each BGP neighbor group so spokes can learn the prefixes of other spokes and their additional paths? (Choose three.)
- A . Set additional-path to send
- B . Set additional-path to forward
- C . Enable route-reflector-server
- D . Enable route-reflector-client.
- E . Set adv-additional-path to the number of additional paths to advertise.
A, D, E
Explanation:
The hub must send additional paths to spokes (set additional-path send).
The hub must treat each spoke as a route-reflector client so spoke routes are reflected to other spokes.
The hub must specify how many additional paths to advertise (set adv-additional-path <n>).
SD-WAN interacts with many other FortiGate features. Some of them are required to allow SD-WAN to steer the traffic.
Which three configuration elements that you must configure before FortiGate can steer traffic according to SD-WAN rules? (Choose three.)
- A . Firewall policies
- B . Interfaces
- C . Security profiles
- D . Traffic shaping
- E . Routing
A, B, E
Explanation:
Before FortiGate can steer traffic according to SD-WAN rules, certain configuration elements must be present.
The guide states:
"SD-WAN is not a standalone feature and interacts with several fundamental FortiGate configurations. Specifically, you must: (1) Define the interfaces (physical, VLAN, or IPsec) that will act as SD-WAN members, (2) Create firewall policies to allow traffic to be steered by SD-WAN, and (3) Set up routing so that traffic has valid routes via SD-WAN members. Without these, SD-WAN rules will not be able to match or steer any traffic."
Security profiles and traffic shaping are not mandatory for basic SD-WAN steering but can be layered on for enhanced security and QoS once foundational elements are present.
Reference: [FCSS_SDW_AR-7.4 1-0.docx Q16]
FortiOS 7.4 SD-WAN Concept Guide, “Prerequisite Configuration Elements for SD-WAN Steering
Which statement about SD-WAN management on FortiManager is true?
- A . You can import an existing SD-WAN configuration into SD-WAN templates.
- B . You can configure SD-WAN using central management mode only.
- C . You can’t reference meta fields in CLI templates and SD-WAN templates.
- D . You must manually refresh the SD-WAN monitor page to get the latest status information.
What is the purpose of configuring DIA (Direct Internet Access) in SD-WAN?
- A . To improve network security
- B . To ensure high application performance
- C . To reduce bandwidth usage
- D . To provide direct internet access to branch sites
Which two configuration tasks are required to use SD-WAN? (Choose two.)
- A . Add one or more members to an SD-WAN zone.
- B . Configure at least one firewall policy for SD-WAN traffic.
- C . Specify the outgoing interface routing cost.
- D . Specify the incoming interfaces in SD-WAN rules.
What is the first step in troubleshooting an SD-WAN issue?
- A . Reboot the device
- B . Check network connectivity
- C . Check for software updates
- D . Check the device logs
Which components make up the secure SD-WAN solution?
- A . FortiGate, FortiManager, FortiAnalyzer, and FortiDeploy
- B . Application, antivirus, and URL, and SSL inspection
- C . Datacenter, branch offices, and public cloud
- D . Telephone, ISDN, and telecom network
What is the purpose of configuring SD-WAN application profiles?
- A . To configure routing protocols
- B . To configure security policies
- C . To configure application performance monitoring
- D . To configure WAN optimization
Refer to the exhibits.
You use FortiManager to manage the branch devices and configure the SD-WAN template. You have configured direct internet access (DIA) for the IT department users. Now. you must configure secure internet access (SIA) for all local LAN users and have set the firewall policies as shown in the second exhibit.
Then, when you use the install wizard to install the configuration and the policy package on the branch devices, FortiManager reports an error as shown in the third exhibit.
Which statement describes why FortiManager could not install the configuration on the branches?
- A . You must direct SIA traffic to a VPN tunnel.
- B . You cannot install firewall policies that reference an SD-WAN zone.
- C . You cannot install firewall policies that reference an SD-WAN member.
- D . You cannot install SIA and DIA rules on the same device.
C
Explanation:
FortiManager enforces a strict distinction:
"Firewall policies must reference SD-WAN zones, not individual SD-WAN members, when used in conjunction with SD-WAN templates. Attempting to install a policy that references a specific member (interface) will result in a deployment error, as member-level targeting is not supported in SD-WAN policy abstraction. This enforces centralized policy consistency and proper SD-WAN operation." Ensuring policies target zones allows FortiGate to dynamically select the optimal member.