Practice Free NSE6_SDW_AD-7.6 Exam Online Questions
Refer to the exhibits.
The VPN configuration on a spoke and a hub is shown.
The administrator wants to use those tunnels to build an SD-WAN topology.
Which one parameter must you modify to allow the tunnel to come up and be used in the SD-WAN topology?
- A . Set exchange-interface-ip to enable on the hub side.
- B . Set mode-cfg to enable on the spoke side.
- C . Change ike-version to 2 on the hub and the spoke.
- D . Set the type to dynamic on the hub side.
Which two features are supported by IKEv2 and not by IKEv1? (Choose two.)
- A . Asymmetric authentication
- B . IKE mode configuration
- C . IKE aggressive mode
- D . Network overlay ID
Refer to the exhibit.
How does FortiGate handle the traffic with the source IP address 10.0.1.27 and the destination IP address 128.66.0.111?
- A . FortiGate steers the traffic through port1.
- B . FortiGate drops the traffic flow.
- C . FortiGate steers the traffic through port2.
- D . FortiGate routes the traffic flow according to the forwarding information base (FIB), to either port1 or port2.
Which SD-WAN deployment type is most suitable for a hub-and-spoke IPsec topology with ADVPN?
- A . Internet-only SD-WAN
- B . Hybrid SD-WAN
- C . Cloud SD-WAN
- D . Branch SD-WAN
Which component is responsible for measuring and reporting application performance in SD-WAN?
- A . SD-WAN controllers
- B . SD-WAN gateways
- C . SD-WAN members
- D . SD-WAN appliances
You want FortiGate to use SD-WAN rules to steer local-out traffic.
Which two constraints should you consider? (Choose two.)
- A . By default, FortiGate uses SD-WAN rules only for local-out traffic that corresponds to ping and traceroute.
- B . By default, local-out traffic does not use SD-WAN.
- C . You can steer local-out traffic only with SD-WAN rules that use the manual strategy.
- D . You must configure each local-out feature individually to use SD-WAN.
B, D
Explanation:
By default, local-out traffic does not use SD-WAN → FortiGate normally sends local-out traffic (e.g., DNS, NTP, FortiGuard updates) directly through its interfaces without applying SD-WAN rules.
You must configure each local-out feature individually to use SD-WAN → To steer local-out traffic via SD-WAN, you must explicitly configure the desired local-out features (e.g., DNS, FortiGuard, CAPWAP) to use SD-WAN rules.
You have configured the performance SLA with the probe mode as Prefer Passive.
What are two observable impacts of this configuration? (Choose two.)
- A . FortiGate passively monitors the member if TCP traffic is passing through the member.
- B . After FortiGate switches to active mode, the SLA performance rule falls back to passive monitoring after 3 minutes.
- C . FortiGate passively monitors the member if ICMP traffic is passing through the member.
- D . During passive monitoring, the SLA performance rule cannot detect dead members.
- E . FortiGate can offload the traffic that is subject to passive monitoring to hardware.
A, D
Explanation:
In FortiOS 7.6, when a Performance SLA probe mode is set to Prefer Passive, FortiGate attempts to measure link performance using passive monitoring first, based on real user traffic. Only when passive monitoring is not possible does FortiGate temporarily fall back to active probing.
With Prefer Passive, FortiGate passively monitors TCP traffic flowing through the SD-WAN member to calculate SLA metrics such as latency, jitter, and packet loss. This behavior directly matches option A.
During passive monitoring, FortiGate relies on observed traffic to infer link health. Because no
synthetic probes are sent, a completely dead link (with no traffic passing) cannot be detected by the SLA during passive mode. As a result, dead members may not be immediately detected, which makes option D correct.
Option B is incorrect because there is no fixed 3-minute timer defined in FortiOS 7.6 that forces a return from active probing back to passive monitoring.
Option C is incorrect because passive SLA monitoring is based on TCP traffic, not ICMP traffic. ICMP is used for active probing, not passive monitoring.
Option E is incorrect because traffic subject to passive SLA monitoring cannot be offloaded to hardware. Passive SLA measurement requires software inspection of packets, which prevents NPU offloading.
Therefore, the two correct observable impacts of configuring the probe mode as Prefer Passive are A and D.
Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status. The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
- A . The traffic will be load balanced across all three overlays.
- B . The traffic will be routed over T_INET_0_0.
- C . The traffic will be routed over T_MPLS_0.
- D . The traffic will be routed over T_INET_1_0.