Practice Free NSE6_SDW_AD-7.6 Exam Online Questions
Refer to the exhibits.
You connect to a device behind a branch FortiGate device and initiate a ping test. The device is part of the LAN subnet and its IP address is 10.0.1.101.
Based on the exhibits, which interface uses branch 1_fgt to steer the test traffic?
- A . port4
- B . HUB1-VPN1
- C . port1
- D . port2
Refer to the exhibit.
In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs?
- A . It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.
- B . It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.
- C . It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.
- D . It instructs the hub to skip content inspection on TCP traffic, to improve performance.
What is the purpose of deploying a hub-and-spoke IPsec topology for SD-WAN and ADVPN?
- A . To provide high-speed internet connectivity
- B . To centralize configuration and management
- C . To ensure secure communication between sites
- D . To improve application performance
What is the purpose of deploying a hub-and-spoke IPsec topology for SD-WAN and ADVPN?
- A . To provide high-speed internet connectivity
- B . To centralize configuration and management
- C . To ensure secure communication between sites
- D . To improve application performance
In which order does FortiGate consider the following elements during the route lookup process? Choose one answer.
- A . SD-WAN rules, ISDB routes, policy routes, BGP routes
- B . Policy routes, SD-WAN rules, Internet Service Database (ISDB) routes, BGP routes
- C . SD-WAN rules, policy routes, static routes, ISDB routes
- D . Policy routes, ISDB routes, SD-WAN rules, static routes
D
Explanation:
In FortiOS (including FortiOS 7.6), FortiGate follows a strict and well-defined route lookup order when determining how to forward traffic. This order is critical for understanding SD-WAN behavior and is explicitly referenced in the FCSS SD-WAN curriculum.
The correct lookup sequence is:
Policy routes (Policy-Based Routing)
Policy routes are evaluated first. If traffic matches a policy route, FortiGate immediately forwards the traffic according to that policy and bypasses all other routing mechanisms.
Internet Service Database (ISDB) routes
If no policy route matches, FortiGate checks ISDB routes. These routes match traffic based on Internet Services rather than destination IP prefixes.
SD-WAN rules
If neither a policy route nor an ISDB route matches, FortiGate evaluates SD-WAN rules to determine the outgoing interface based on the configured SD-WAN strategy.
Routing table (connected, static, and dynamic routes such as BGP)
If no SD-WAN rule matches, FortiGate performs a normal routing table lookup.
FIB (Forwarding Information Base)
The FIB is used to forward the packet based on the selected route.
Drop
If no valid route exists, the packet is dropped.
Among the options provided, only Option D correctly reflects the beginning of this sequence by placing policy routes first, followed by ISDB routes, then SD-WAN rules, and finally static routes (representing the routing table).
Therefore, the correct answer is D.
Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)
- A . update-source
- B . set-route-tag
- C . hold time-timer
- D . link-down-failover
Which three protocols are available only on the command line to configure as performance SLA status check? (Choose three.)
- A . twamp
- B . smtp
- C . icmp
- D . tcp-echo
- E . udp-echo
Refer to the exhibits, which show the VPN configuration on a spoke and a hub.
The administrator wants to use those tunnels to build an SD-WAN topology.
Which one parameter must you modify to allow the tunnel to come up and be used in the SD-WAN topology?
- A . Set exchange-interface-ip to enable on the hub side.
- B . Change ike-version to 2 on the hub and the spoke.
- C . Set the type to dynamic on the hub side.
- D . Set mode-cfg to enable on the spoke side.
Refer to the exhibit.
An administrator checks the status of an SD-WAN topology using the FortiManager SD-WAN monitor menus. All members are configured with one or two SLAs.
Which two conclusions can you draw from the output shown? (Choose two.)
- A . The template view should be used to see the hub devices.
- B . One member of branch2_fgt is missing the SLAs.
- C . branch2_fgt establishes six tunnels to the hubs and they are all up.
- D . This SD-WAN topology contains only two branch devices.
B, D
Explanation:
From the SD-WAN monitor in FortiManager:
"The SD-WAN monitor provides a summary view of the branch devices and their members. In the scenario shown, it is clear that branch2_fgt is missing SLA configuration for one member, as evidenced by the lack of performance metrics. The monitor also shows only two branches in the current topology, allowing quick assessment of branch health and configuration completeness."
This kind of visibility is vital for proactive monitoring and rapid troubleshooting in SD-WAN
environments.
Reference: [FCSS_SDW_AR-7.4 1-0.docx Q18]
FortiManager SD-WAN Monitoring Guide, “Branch Device Health and SLA Status Visualization”
Which two tasks are part of using central VPN management? (Choose two.)
- A . You can configure full mesh, star, and dial-up VPN topologies.
- B . You must enable VPN zones for SD-WAN deployments.
- C . FortiManager installs VPN settings on both managed and external gateways.
- D . You configure VPN communities to define common IPsec settings shared by all VPN gateways.