• ホーム
  • ブログ
  • 最新のNSE7_SDW-7.0合格保証付き試験問題集の認定サンプル問題 [Q32-Q53]

最新のNSE7_SDW-7.0合格保証付き試験問題集の認定サンプル問題 [Q32-Q53]

Share

最新のNSE7_SDW-7.0合格保証付き試験問題集の認定サンプル問題

最新NSE7_SDW-7.0テスト材料には有効なNSE7_SDW-7.0テストエンジン

質問 # 32
Refer to the exhibit.

Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change?
(Choose two.)

  • A. FortiGate evaluates new sessions.
  • B. FortiGate flushes all sessions.
  • C. FortiGate does not change existing sessions.
  • D. FortiGate terminates the old sessions.

正解:A、C

解説:
Explanation
FortiGate not to flag existing impacted session as dirty by setting firewall-session-dirty to check new. The results is that FortiGate evaluates only new session against the new firewall policy.


質問 # 33
Which two performance SLA protocols enable you to verify that the server response contains a specific value?
(Choose two.)

  • A. dns
  • B. http
  • C. icmp
  • D. twamp

正解:A、B


質問 # 34
Refer to the exhibits.
Exhibit A

Exhibit B

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.
Based on the exhibits, which two statements are correct? (Choose two.)

  • A. FortiGate updated the outgoing interface list on the rule so it prefers port2.
  • B. Port2 has the highest member priority.
  • C. Port2 has a lower latency than port1.
  • D. SD-WAN rule ID 1 is set to lowest cost (SLA) mode.

正解:A、C


質問 # 35
Refer to the exhibit.

Based on the exhibit, which action does FortiGate take?

  • A. FortiGate bounces port5 after it detects all SD-WAN members as dead.
  • B. FortiGate brings up port5 after it detects all SD-WAN members as alive.
  • C. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
  • D. FortiGate brings down port5 after it detects all SD-WAN members as dead.

正解:C


質問 # 36
Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

  • A. Interface-based shaping mode
  • B. Reverse-policy shaping mode
  • C. Shared-policy shaping mode
  • D. Per-IP shaping mode

正解:A

解説:
Interface-based shaping goes further, enabling traffic controls based on percentage of the interface bandwidth.


質問 # 37
What are two common use cases for remote internet access (RIA)? (Choose two.)

  • A. Provide thorough inspection on spokes
  • B. Provide direct internet access on spokes
  • C. Centralize security inspection on the hub
  • D. Provide internet access through the hub

正解:C、D


質問 # 38
Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

  • A. get ipsec tunnel list
  • B. diagnose vpn tunnel list
  • C. get router info routing-table all
  • D. diagnose debug application ike

正解:D


質問 # 39
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

  • A. All SD-WAN rules have the default setting enabled.
  • B. The sdwan_service_id flag in the session information is 0.
  • C. Traffic does not match any of the entries in the policy route table.
  • D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

正解:B、C

解説:
sdwan_service_id is 0 = match SD-WAN implicit rule, study guide 7.0 page 120, 7.2 page 149 SD-WAN rules internally are interpreted as a Policy route, so when the traffic doesn't match with any policy route, it will be flowing by implict policy.


質問 # 40
What is the route-tag setting in an SD-WAN rule used for?

  • A. To indicate the members that can be used to route SD-WAN traffic.
  • B. To indicate the routes that can be used for routing SD-WAN traffic.
  • C. To indicate the destination of a rule based on learned BGP prefixes.
  • D. To indicate the routes for health check probes.

正解:C


質問 # 41
Refer to the exhibit.

In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs?

  • A. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs.
  • B. It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance.
  • C. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.
  • D. It instructs the hub to skip content inspection on TCP traffic, to improve performance.

正解:A


質問 # 42
Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?

  • A. When T_INET_0_0 has a latency of 250 ms.
  • B. When T_MPLS_0 has a latency of 100 ms.
  • C. When T_INET_0_0 and T_MPLS_0 have the same latency.
  • D. When T_N1PLS_0 has a latency of 80 ms.

正解:D


質問 # 43
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

  • A. All SD-WAN rules have the default setting enabled.
  • B. The sdwan_service_id flag in the session information is 0.
  • C. Traffic does not match any of the entries in the policy route table.
  • D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

正解:B、C


質問 # 44

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.
Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

  • A. London generates an IKE information message that contains the Toronto public IP address.
  • B. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
  • C. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
  • D. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.

正解:C、D


質問 # 45
Refer to the exhibit.

Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?

  • A. type must be set to static.
  • B. exchange-interface-ip must be enabled.
  • C. mode-cfg must be enabled.
  • D. add-route must be disabled.

正解:D

解説:
for using "non ike" routes (for example BGP/static and so on) you must do disable the add-route that inject automatically kernel route based on p2 selectors from the remote site from the SD-WAN_7.2_Study_Guide page 236


質問 # 46
Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members?

  • A. diagnose sys sdwan zone
  • B. diagnose sys sdwan interface
  • C. diagnose sys sdwan service
  • D. diagnose sys sdwan member

正解:A


質問 # 47
Refer to the exhibits.
Exhibit A

Exhibit B -

Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.
The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?

  • A. The traffic will be routed over T_INET_0_0.
  • B. The traffic will be load balanced across all three overlays.
  • C. The traffic will be routed over T_INET_1_0.
  • D. The traffic will be routed over T_MPLS_0.

正解:C


質問 # 48
Refer to the exhibit.

The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths.
Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths? (Choose three.)

  • A. Set additional-path to send
  • B. Set advertisement-interval to the number of additional paths to advertise
  • C. Set adv-additional-path to the number of additional paths to advertise
  • D. Enable route-reflector-client
  • E. Enable soft-reconfiguration

正解:A、C、D


質問 # 49
Refer to the exhibit.

FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)

  • A. Specify a unique peer ID for each dial-up VPN interface.
  • B. Use unique Diffie Hellman groups on each VPN interface.
  • C. Use different proposals are used between the interfaces.
  • D. Configure the IKE mode to be aggressive mode.

正解:A、D


質問 # 50
Which two interfaces are considered overlay links? (Choose two.)

  • A. GRE
  • B. LAG
  • C. IPsec
  • D. Physical

正解:A、C


質問 # 51
What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?

  • A. The IP address of their IPsec interfaces
  • B. The gateway address of their IPsec interfaces
  • C. The name of their IPsec interfaces
  • D. The tunnel ID of their IPsec interfaces

正解:A


質問 # 52
Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?

  • A. Interface-based shaping mode
  • B. Reverse-policy shaping mode
  • C. Shared-policy shaping mode
  • D. Per-IP shaping mode

正解:A

解説:
Explanation
Interface-based shaping goes further, enabling traffic controls based on percentage of the interface bandwidth.


質問 # 53
......

NSE7_SDW-7.0サンプルには正確な更新された問題がこちら:https://www.passtest.jp/Fortinet/NSE7_SDW-7.0-shiken.html

NSE7_SDW-7.0更新された試験問題集で[2024年最新] 練習には有効な試験問題集:https://drive.google.com/open?id=1qHUj7o-8q-TTc8rSrtZti8YoIAtdVtJj

関するブログ

もっと
NSE7_SDW-7.0 無料問題集