Practice Free NSE6_SDW_AD-7.6 Exam Online Questions
Which three factors about SLA targets and SD-WAN rules should you consider when configuring SD-WAN rules? (Choose three.)
- A . Member metrics are measured only if a rule uses the SLA target.
- B . SLA targets are used only by SD-WAN rules that are configured with a Lowest Cost (SLA) strategy.
- C . SD-WAN rules can use SLA targets to check whether the preferred members meet the SLA requirements.
- D . When configuring an SD-WAN rule, you can select multiple SLA targets if they are from the same performance SLA.
- E . When configuring an SD-WAN rule, you can select multiple SLA targets from different performance SLAs.
B, C, E
Explanation:
The use of SLA targets is specific to certain SD-WAN strategies. The "Lowest Cost (SLA)" and "Maximize Bandwidth (SLA)" strategies are explicitly designed to use the configured SLA targets to make routing decisions. The "Best Quality" strategy uses performance metrics but does not necessarily require or reference SLA targets in the same way, while "Manual" does not use metrics at all for path selection.
This is a core function of SD-WAN rules with SLA targets. The purpose of configuring an SLA target with specific thresholds for latency, jitter, and packet loss is to define what is considered "acceptable" performance for an application. SD-WAN rules then use these targets to check if the members (interfaces) meet these requirements before a flow is steered over them, ensuring that a preferred path still offers a good user experience.
FortiGate allows for a single SD-WAN rule to reference multiple, different performance SLAs. This is crucial for complex deployments where a single SD-WAN rule needs to handle traffic for multiple applications that have distinct performance requirements. For example, a single rule might direct VoIP traffic based on one performance SLA with strict latency/jitter targets, while simultaneously handling general web traffic using another performance SLA with more lenient requirements.
The FortiGate devices are managed by FortiManager, and are configured for direct internet access (DIA).
You confirm that DIA is working as expected for each branch, and check the SD-WAN zone configuration and firewall policies shown in the exhibits.



Then, you use the SD-WAN overlay template to configure the IPsec overlay tunnels. You create the associated SD-WAN rules to connect existing branches to the company hub device and apply the changes on the branches.
After those changes, users complain that they lost internet access. DIA is no longer working.
Based on the exhibit, which statement best describes the possible root cause of this issue?
- A . The SD-WAN overlay template defines a zone for each underlay interface and moves the interfaces into those zones.
- B . The SD-WAN overlay template didn’t configure a firewall policy to allow traffic through the overlay.
- C . The SD-WAN overlay template redefines the interface gateway addresses if they are defined with metadata variables.
- D . The SD-WAN overlay template updates the SD-WAN template and the rules.
A
Explanation:
The SD-WAN overlay template defines a zone for each underlay interface and moves the interfaces into those zones. This statement perfectly describes the likely sequence of events. The template, when applied, re-organizes the interfaces and zones, causing the existing firewall policy that relies on the old zone configuration to fail. This is the most plausible root cause.
What is the purpose of configuring SD-WAN routing?
- A . To configure quality of service (QoS)
- B . To configure application performance monitoring
- C . To configure network connectivity between sites
- D . To configure security policies
Which two statements about SD-WAN rules are true? (Choose two.)
- A . Regular policy routes take precedence over SD-WAN rules.
- B . SD-WAN rules take precedence over static routes.
- C . SD-WAN rules can be used only to define load balancing methods.
- D . SD-WAN rules are treated as static routes.
Refer to the exhibit.

When attempting to establish an IPsec tunnel to FortiGate, all remote users match the FIRST_VPN IPsec VPN. This includes remote users that want to connect to the SECOND_VPN IPsec VPN.
Which two configuration changes must you make on both IPsec VPNs so that remote users can connect to their intended IPsec VPN? (Choose two.)
- A . Configure different proposals.
- B . Configure a unique peer ID.
- C . Change the IKE mode to aggressive.
- D . Configure different Diffie-Hellman groups.
When is an SD-WAN member considered to be in the dead state?
- A . When the SD-WAN member reaches the failure threshold
- B . When both servers used for health checks are reachable by an interface member
- C . When the SD-WAN member has an active route in a routing table
- D . When the SD-WAN member meets the SLA target requirement
What is the purpose of deploying ADVPN in a hub-and-spoke IPsec topology for SD-WAN?
- A . To ensure secure communication between sites
- B . To improve application performance
- C . To simplify configuration and management
- D . To provide high-speed internet connectivity
Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?
- A . The type of traffic defined and allowed on firewall policy ID 1 is UDP.
- B . Changes have been made on firewall policy ID 1 on FortiGate.
- C . Firewall policy ID 1 has source NAT disabled.
- D . FortiGate has terminated the session after a change on policy ID 1.
You want to configure ADVPN without route reflection on your SD-WAN topology.
Which two statements apply to this scenario? (Choose two.)
- A . ADVPN without route reflection is compatible with BGP on loopback.
- B . ADVPN without route reflection is also called ADVPN 2.0.
- C . ADVPN without route reflection allows hub-side steering by route tag.
- D . ADVPN without route reflection is compatible with static routing on the overlay.
Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)
- A . Transport Layer Security (TLS)
- B . Encapsulating Security Payload (ESP)
- C . Secure Shell (SSH)
- D . Internet Key Exchange (IKE)
- E . Security Association (SA)
