Practice Free NSE6_SDW_AD-7.6 Exam Online Questions
Refer to the exhibits.
The exhibits show the configuration for SD-WAN performance. SD-WAN rule, the application IDs of Facebook and YouTube along with the firewall policy configuration and the underlay zone status.
Which two statements are true about the health and performance of SD-WAN members 3 and 4? (Choose two.)
- A . Only related TCP traffic is used for performance measurement.
- B . The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
- C . Encrypted traffic is not used for the performance measurement.
- D . FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
Refer to the exhibit.
FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
- A . Specify a unique peer ID for each dial-up VPN interface.
- B . Different proposals are used between the interfaces.
- C . Configure the IKE mode to be aggressive mode.
- D . Use unique Diffie Hellman groups on each VPN interface.
Refer to the exhibit.
Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.)
- A . FortiGate flushes all sessions.
- B . FortiGate terminates the old sessions.
- C . FortiGate does not change existing sessions.
- D . FortiGate evaluates new sessions.
Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two.)
- A . A peer ID is included in the first packet from the initiator, along with suggested security policies.
- B . XAuth is enabled as an additional level of authentication, which requires a username and password.
- C . A total of six packets are exchanged between an initiator and a responder instead of three packets.
- D . The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.)
- A . It provides the benefits of a full-mesh topology in a hub-and-spoke network.
- B . It provides direct connectivity between spokes by creating shortcuts.
- C . It enables spokes to bypass the hub during shortcut negotiation.
- D . It enables spokes to establish shortcuts to third-party gateways.
You are planning a large SD-WAN deployment with approximately 1000 spokes and want to allow ADVPN between the spokes. Some remote sites use FortiSASE to connect to the company’s SD-WAN hub.
Which overlay routing configuration should you use?
- A . BGP on loopback with dynamic BGP for ADVPN shortcut routing.
- B . BGP on loopback with IPsec phase2 selectors for ADVPN shortcut routing.
- C . BGP per overlay with dynamic BGP for ADVPN shortcut routing.
- D . BGP per overlay with BGP next-hop convergence for ADVPN shortcut routing.
As an MSSP administrator, you are asked to configure ADVPN on an existing SD-WAN topology. FortiManager manages the customer devices in a dedicated ADOM. The previous administrator used the SD-WAN overlay topology.
Which two statements apply to this scenario? (Choose two.)
- A . You can activate auto-discovery VPN in the SD-WAN overlay template only if it is a single hub topology.
- B . When auto-discovery VPN is enabled, FortiManager updates the IPsec and BGP templates in the hub.
- C . After you enable auto-discovery VPN in the overlay template, you must select between ADVPN 2.0 and ADVPN 1.0.
- D . You can activate auto-discovery VPN in the SD-WAN overlay template for any type of topology, including a primary-primary dual-hub topology.
Refer to the exhibit.
An SD-WAN zone configuration on the FortiGate GUI is shown.
What can you conclude about the zone and member configuration on this device? Choose one answer.
- A . You can delete the virtual-wan-link zone.
- B . The WAN2 zone contains no member.
- C . You can delete the WAN1 zone.
- D . You can add the member B-125 to the WAN3 zone and keep it as a member of the Test zone.
Refer to the exhibit.
The administrator configured two SD-WAN rules to load balance traffic.
Which interfaces does FortiGate use to steer the traffic from 10.0.1.124 to 10.0.0.254? Choose one answer.
- A . port1 or port2
- B . FortiGate routes the traffic according to the FIB.
- C . HUB1-VPN2
- D . Any interface in the HUB1 or HUB2 zones
Which statement defines how a per-IP traffic shaper of 10 Mbps is applied to the entire network?
- A . The 10 Mbps bandwidth is shared equally among the IP addresses.
- B . Each IP is guaranteed a minimum 10 Mbps of bandwidth.
- C . FortiGate allocates each IP address a maximum 10 Mbps of bandwidth.
- D . A single user uses the allocated bandwidth divided by total number of users.