option
Cuestiones
ayuda
daypo
buscar.php

SDWAN 1/3

COMENTARIOS ESTADÍSTICAS RÉCORDS
REALIZAR TEST
Título del Test:
SDWAN 1/3

Descripción:
SDWAN 1/3

Fecha de Creación: 2025/07/14

Categoría: Otros

Número Preguntas: 35

Valoración:(0)
COMPARTE EL TEST
Nuevo ComentarioNuevo Comentario
Comentarios
NO HAY REGISTROS
Temario:

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.). FEC supports hardware offloading. FEC improves reliability of noisy links. FEC transmits parity packets that can be used to reconstruct packet loss. FEC can leverage multiple IPsec tunnels for parity packets transmission.

Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?. port1 is assigned a manual IP address. port1 is referenced in a firewall policy. port2 is referenced in a static route. port1 and port2 are not administratively down.

What is the route-tag setting in an SD-WAN rule used for?. To indicate the routes for health check probes. To indicate the destination of a rule based on learned BGP prefixes. To indicate the routes that can be used for routing SD-WAN traffic. To indicate the members that can be used to route SD-WAN traffic.

In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two ). Traffic has matched none of the FortiGate policy routes. Matched traffic failed RPF and was caught by the rule. The FIB lookup resolved interface was the SD-WAN interface. An absolute SD-WAN rule was defined and matched traffic.

Which two statements about SD-WAN central management are true? (Choose two.). The objects are saved in the ADOM common object database. It does not support meta fields. It uses templates to configure SD-WAN on managed devices. It supports normalized interfaces for SD-WAN member configuration.

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two.). It ensures consistent settings between phase1 and phase2. It guides the administrator to use Fortinet recommended settings. It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM. The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?. get router info routing-table all. diagnose debug application ike. diagnose vpn tunnel list. get ipsec tunnel list.

Which two statements reflect the benefits of implementing the ADVPN solution to replace conventional VPN topologies? (Choose two.). It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links. It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance. It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub. It provides direct connectivity between all sites by creating on-demand tunnels between spokes.

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.). SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements. Member metrics are measured only if an SLA target is configured. When configuring an SD-WAN rule you can select multiple SLA targets of the same performance SLA. SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

Which action fortigate performs on the traffic that is subject to a per-IP traffic shaper of 10 Mbps?. FortiGate applies traffic shaping to the original traffic direction only. FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses. Fortigate limits each source ip address to a maximum bandwidth of 10 Mbps. FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.

Which type statements about the SD-WAN members are true? (Choose two.). You can manually define the SD-WAN members sequence number. Interfaces of type virtual wire pair can be used as SD-WAN members. Interfaces of type VLAN can be used as SD-WAN members. An SD-WAN member can belong to two or more SD-WAN zones.

Exhibit A shows the firewall policy and exhibit B shows the traffic shaping policy. The traffic shaping policy is being applied to all outbound traffic; however, inbound traffic is not being evaluated by the shaping policy. Based on the exhibits, what configuration change must be made in which policy so that traffic shaping can be applied to inbound traffic?. Create a new firewall policy, and the select the SD-WAN zone as Incoming Interface. In the traffic shaping policy, select Assign Shaping Class ID as Action. In the firewall policy, select Proxy-based as Inspection Mode. In the traffic shaping policy, enable Reverse shaper, and then select the traffic shaper to use.

Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth?. Interface-based shaping mode. Reverse-policy shaping mode. Shared-policy shaping mode. Per-IP shaping mode.

Which three matching traffic criteria are available in SD-WAN rules? (Choose three.). Type of physical link connection. Internet service database (ISDB) address object. Source and destination IP address. URL categories. Application signatures.

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a huband-spoke topology? (Choose two.). VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template. FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM. IPsec recommended template guides the administrator to use Fortinet recommended settings. IPsec recommended template ensures consistent settings between phase1 and phase2.

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.). update-source. set-route-tag. holdtime-timer. link-down-failover.

Refer to the exhibits. Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on FortiGate acting as the sender. Exhibit B shows the sniffer output on a FortiGate acting as the receiver. The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1_0. Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two.). On the receiver FortiGate,packet-de-duplicationis enabled. The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way. The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU. On the sender FortiGate,duplication-max-numis set to3.

Refer to the exhibit. Which statement about the role of the ADVPN device in handling traffic is true?. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub. Two hubs,10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other. This is a hub that has received a query from a spoke and has forwarded it to another spoke. Two spokes,192.2.0.1 and 10.0.2.101, forward their queries to their hubs.

Refer to the exhibit. Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.). The traffic shaper drops packets if the bandwidth is less than 2500 KBps. The measured bandwidth is less than 100 KBps. The traffic shaper drops packets if the bandwidth exceeds 6250 KBps. The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

Within IPsec tunnel templates available on FortiManager. which template will you use to configure static tunnels for a hub and spoke topology?. Static_IPsec_Recommended. Hub_IPsec_Recommended. Branch_IPsec_Recommended. IPsec_Fortinet_Recommended.

Refer to the exhibit. The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.). The reply direction of the asymmetric traffic flows from port2 to port3. The auxiliary session can be offloaded to hardware. The original direction of the symmetric traffic flows from port3 to port2. The main session cannot be offloaded to hardware.

Which are three key routing principles in SD-WAN? (Choose three.). FortiGate performs route lookups for new sessions only. Regular policy routes have precedence over SD-WAN rules. SD-WAN rules have precedence over ISDB routes. By default, SD-WAN members are skipped if they do not have a valid route to the destination. By default, SD-WAN rules are skipped if the best route to the destination is not an SD- WAN member.

Refer to the exhibit. Which conclusion about the packet debug flow output is correct?. The total number of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped. The packet size exceeded the outgoing interface MTU. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper, and the packet was dropped. The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy, and the packet was dropped.

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.). The session information output displays no SD-WAN-specific details. All SD-WAN rules have the default and gateway setting enabled. Traffic does not match any of the entries in the policy route table. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Refer to the Exhibits: Exhibit A, which shows the SD-WAN performance SLA and exhibit B shows the health of the participating SD-WAN members. Based on the exhibits, which statement is correct?. The dead member interface stays unavailable until an administrator manually brings the interface back. Port2 needs to wait 500 milliseconds to change the status from alive to dead. Static routes using port2 are active in the routing table. FortiGate has not received three consecutive requests from the SLA server configured for port2.

Refer to the exhibits. Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status. If port2 is detected dead by FortiGate, what is the expected behavior?. Port2 becomes alive after three successful probes are detected. FortiGate removes all static routes for port2. The administrator manually restores the static routes for port2, if port2 becomes alive. Host 8.8.8.8 is reachable through port1 and port2.

Which two statements about the SD-WAN zone configuration are true? (Choose two.). The service-sla-tie-break setting enables you to configure preferred member selection based on the best route to the destination. You can delete the default zones. The default zones are virtual-wan-link and SASE. An SD-WAN member can belong to two or more zones.

Refer to the exhibit. Which conclusion about the packet debug flow output is correct?. The original traffic exceeded the maximum packets per second of the outgoing interface, and the packet was dropped. The reply traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped. The original traffic exceeded the maximum bandwidth of the outgoing interface, and the packet was dropped. The original traffic exceeded the maximum bandwidth configured in the traffic shaper, and the packet was dropped.

Refer to the exhibits. Exhibit A shows two IPsec templates to define Branch_IPsec_1 and Branch_IPsec_2. Each template defines a VPN tunnel. Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device. You can assign only one template with a tunnel of fype static to each FortiGate device. You can define only one IPsec tunnel from branch devices to HUB1. You can assign only one IPsec template to each FortiGate device. You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.

Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.). FortiGate flushes all sessions. FortiGate terminates the old sessions. FortiGate does not change existing sessions. FortiGate evaluates new sessions.

The administrator uses the FortiManager SD-WAN overlay template to prepare an SD- WAN deployment. With information provided through the SD-WAN overlay template wizard, FortiManager creates templates ready to install on spoke and hub devices. Select three templates created by the SD-WAN overlay template for a spoke device.(Choose three.). System template. BGP template. IPsec tunnel template. CLI template. Overlay template.

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?. diagnose sys sdwan sla-log. diagnose ays sdwan health-check. diagnose sys sdwan intf-sla-log. diagnose sys sdwan log.

Which two interfaces are considered overlay links? (Choose two.). LAG. IPsec. Physical. GRE.

What is true about SD-WAN multiregion topologies?. Each region has its own SD-WAN topology. It is not compatible with ADVPN. Regions must correspond to geographical areas. Routing between the hub and spokes must be BGP.

Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.). http. icmp. twamp. dns.

Denunciar Test
Chistes IA