Practice Free NSE6_SDW_AD-7.6 Exam Online Questions
What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)
- A . The ISDB is dynamically updated and reduces administrative overhead.
- B . The ISDB requires application control to maintain signatures and perform load balancing.
- C . The ISDB applies rules to traffic from specific sources, based on application type.
- D . The ISDB contains the IP addresses and port ranges of well-known internet services.
Refer to the exhibit.
The exhibit shows output of the command diagnose sys adwan aervice4 collected on a FortiGate device.
The administrator wants to know through which interface FortiGate will steer traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the social media application Facebook.
Based on the exhibits, which two statements are correct? (Choose two.)
- A . When FortiGate cannot recognize the application of the flow, it steers the traffic through the preferred member of rule 3, HQ_T1.
- B . There is no service defined for the Facebook application, so FortiGate appliesservice rule 3 and directs the traffic to headquarters.
- C . FortiGate steers traffic for social media applications according to the service rule 2 and steers traffic through port2.
- D . When FortiGate cannot recognize the application of the flow, it load balances the traffic through the tunnels HQ_T1. HQ_T2. HQ_T3.
C, D
Explanation:
Application-based SD-WAN rules enable intelligent traffic steering.
The guide specifies:
"If a flow is identified as belonging to a defined application category (such as social media), FortiGate will match it to the corresponding service rule (rule 2) and route it through the specified interface, such as port2. However, if the application is not recognized during the session setup, the system defaults to load balancing the traffic using the available tunnels according to the policy for unclassified traffic, ensuring continuous connectivity while waiting for application classification." This guarantees both performance and resilience.
Refer to exhibits.
Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy. FortiGate is not performing traffic shaping as expected, based on the policies shown in the exhibits.
To correct this traffic shaping issue on FortiGate, what configuration change must be made on which policy?
- A . The URL category must be specified on the traffic shaping policy.
- B . The shaper mode must be applied per-IP shaper on the traffic shaping policy.
- C . The web filter profile must be enabled on the firewall policy.
- D . The application control profile must be enabled on the firewall policy.
Refer to the exhibits.
You use FortiManager to configure SD-WAN on three branch devices.
When you install the device settings, FortiManager prompts you with the error “Copy Failed” for the device branch1_fgt. When you click the log button, FortiManager displays the message shown in the exhibit.
There are two different ways to resolve this issue.
Based on the exhibits, which methods could you use? (Choose two.)
- A . Update the management IP address of branch1_fgt.
- B . Specify the gateway of the SD-WAN member port1 with an IP address or use the default value.
- C . Do not define installation targets for SD-WAN members.
- D . Review the per-device mapping configuration for metadata variables
B, D
Explanation:
Specify the gateway of the SD-WAN member port1 with an IP address or use the default value → The error log shows invalid ip C prop[gateway]: ip4class(${sdwan_port1_gw}) invalid ip addr, meaning the variable ${sdwan_port1_gw} does not have a valid mapping. Assigning a valid IP address or default value for the gateway resolves this error.
Review the per-device mapping configuration for metadata variables → The issue is tied to how the metadata variable ${sdwan_port1_gw} is mapped for branch1_fgt. If this device does not have the variable properly defined in per-device mapping, the configuration will fail. Correcting the mapping ensures that the install works.
What does forward error correction do?
- A . It generates parity packets with redundant data.
- B . It reorders packets at the destination.
- C . It buffers packets and transmits them at the appropriate speed.
- D . It sends the same packets across multiple links.
You used the HUB IPsec_Recommended and the BRANCH IPsec_Recommended templates to define the overlay topology. Then, you used the SD-WAN template to define the SD- WAN members, rules, and performance SLAs.
You applied the changes to the devices and want to use the FortiManager monitors menu to get a graphical view that shows the status of each SD-WAN member.
Which statement best explains how to obtain this graphical view?
- A . Use the SD-WAN monitor template view to get a map view of the branches, hub, and tunnel status, including the SLA pass or missed status.
- B . Use the SD-WAN monitor table view to get a donut view and a table view that shows the status of each SD-WAN member, including the SLA pass or missed status.
- C . Use the VPN monitor map view to get a map view of the branches, hub, and tunnel status, including the SLA pass or missed status.
- D . Use the SD-WAN monitor asset view to get a donut view and a table view that shows the status of each device and the SLA status of each SD-WAN member.
B
Explanation:
The SD-WAN monitor’s table view in FortiManager provides a donut visualization plus a detailed table that shows each SD-WAN member’s status and SLA pass/miss, giving the per-member health view you’re after.
Which FortiManager feature allows for the management of firmware upgrades for SD-WAN devices?
- A . Device Manager
- B . Firmware Manager
- C . Configuration Manager
- D . Audit Manager
What are two common use cases for remote internet access (RIA)? (Choose two.)
- A . Provide direct internet access on spokes
- B . Provide internet access through the hub
- C . Centralize security inspection on the hub
- D . Provide thorough inspection on spokes
You manage an SD-WAN topology. You will soon deploy 50 new branches.
Which three tasks can you do in advance to simplify this deployment? (Choose three.)
- A . Update the DHCP server configuration.
- B . Create model devices.
- C . Create a ZTP template.
- D . Define metadata variables value for each device.
- E . Create policy blueprint.
B, C, E
Explanation:
When planning to deploy a large number of branches (e.g., 50), Fortinet recommends several preparatory steps to simplify and automate the rollout. Creating model devices allows you to predefine configurations and settings that can be cloned or adapted for each branch, saving time and minimizing manual errors. Preparing a Zero Touch Provisioning (ZTP) template enables automatic onboarding and provisioning of new FortiGates as soon as they come online, reducing manual intervention. Lastly, creating a policy blueprint allows for standardized policy deployment across all branches, ensuring consistent security and SD-WAN rule enforcement. This holistic approach streamlines the deployment process, allows for rapid scaling, and ensures that all devices are configured according to corporate policy from day one.
Reference: [FCSS_SDW_AR-7.4 1-0.docx Q8]
Fortinet SD-WAN 7.4 Reference Architecture, “ZTP and Model Device Strategies for Scalable Rollouts” FortiManager Admin Guide, “Policy Blueprints and Automation for Branch Deployment”
Which SD-WAN traffic shaping technique uses deep packet inspection to identify and prioritize traffic?
- A . Quality of Service (QoS)
- B . Link steering
- C . Application steering
- D . Load balancing