Test title:
Zascuas

Description:
pruebas_1

Author:
cuias

Creation date: 03/08/2024

Category: Art

Number of questions: 103
Syllabus:
Refer to the exhibit. Which conclusion about the packet debug flow output is correct? The original traffic exceeded the maximum packets per second of the outgoing interface and the packet was dropped The original traffic exceeded the maximum bandwidth configured in the traffic shaper and the packet was dropped The original traffic exceeded the maximum bandwidth of the outgoing interface and the packet was dropped The reply traffic exceeded the maximum bandwidth configured in the traffic shaper and the packet was dropped.
Which two statements about SLA targets and SD-WAN rules are true? (Choose two) Member metrics are measured only if an SLA target is configured When configuring an SD-WAN rule you can select multiple SLA targets of the same performance SLA SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.
Exhibit A shows the systems interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate. Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2? port1 is assigned a manual IP address port1 is referenced in a firewall policy port1 and port2 are not administratively down port2 is referenced in a static route.
Refer to the exhibit. Based on the output, which two conclusions are true? (Choose two) There is more than one SD-WAN rule configured Entry 1 (id=1) is a regular policy route The SD-WAN rules take precedence over regular policy routes The all_rules rule represents the implicit SD-WAN rule.
Which two tasks are part of using central VPN management? (Choose two) You configure VPN communities to define communities IPsec settings shared by all VPN gateways FortiManager installs VPN settings on both managed and external gateways You must enable VPN zones for SD-WAN deployments You can configure full mesh, star, and dialup VPN topologies.
Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two) Encapsulating Security Payload (ESP) Security Association (SA) Internet Key Exchange (IKE) Secure Shell (SSH).
Which three matching traffic criteria are available in SD-WAN rules? (Choose three) URL categories Type of physical link connection Internet service database (ISDB) address object Source and destination IP address Application signatures.
Two hub-and-spoke groups are connected through a site to site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub and spoke groups. If an ADVPN on-demand tunnel is established between Toronto and London, which two configuration settings are required for ADVPN to work? (Choose two) Auto-discovery forwarder is enabled on all IPsec VPNs On the subnets auto-discovery-recovery is enabled on the IPsec VPN to the hub On the hubs auto-discovery-sender is enabled on the IPsec VPNs to spokes On the hubs tunnel search is set selects.
Which statement is correct about SD-WAN and ADVPN? SD-WAN does not monitor the health and performance of ADVPN shortcuts SD-WAN can steer traffic to ADVPN shortcuts only for rules defined with strategy manual or best quality SD-WAN cannot steer traffic to ADVPN shortcuts established over IPsec overlays if the zone contains physical interfaces SD-WAN can steer traffic to ADVPN shortcuts established over IPsec overlays configured as SD-WAN members.
Which two interfaces are considered overlay links? (Choose two) LAG IGRE IPsec Physical.
Refer to the exhibit. Which two conclusions for traffic that matches the traffic shaper are true? (Choose two) The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps The measured bandwidth is less than 100 KBps The traffic shaper drops packets if the bandwidth is less than 2500 KBps The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.
Which best describes the SD-WAN traffic shaping mode that bases itself on a percentage of available bandwidth? Shared policy shaping mode Per IP shaping mode Interface based shaping mode Reverse policy shaping mode.
What are two reasons why it is effective to implement the internet service database (ISDB) in an SD-WAN rule? (Choose two) The ISDB applies rules to traffic from specific sources based on application type The ISDB is dynamically updated and reduces administrative overhead The ISDB contains the IP addresses and port ranges of well-known destinations The ISDB requires application control to maintain signatures and perform load balancing.
Which two statements about SD-WAN central management are true? (Choose two) It does not allow you to monitor the status of SD-WAN members It uses templates to configure SD-WAN on managed devices It is enabled by default It is enabled or disabled on a per-ADOM basis.
Refer to the exhibit. Two hub and spoke groups are connected through a site to site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub and spoke groups. Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two) London generates an IKE information message that contains the Toronto public IP address The first packets from Toronto to London are routed through Hub 1 then to hub 2 Toronto needs to establish a site to site tunnel with to bypass Hub 1 Traffic from Toronto to London triggers the dynamic negotiation of a direct site to site VPN.
Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation? Diagnose sys virtual wan link service Get ipsec tunnel list Get router info routing table Diagnose debug application ike.
Refer to the exhibit. The exhibit shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member? When T_MPLS_0 has a latency of 80 ms When T_MPLS_0 has latency of 100 ms When T_INET_0_0 and T_MPLS_0 have the same latency When T_INET_0_0 has latency of 250 ms.
Refer to the exhibits. Exhibit A shows a site to site topology between two FortiGate Devices branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt. When branch1_client establishes a connection to dc1_host the administrator observes that on dc1_fgt, the reply traffic is routed over T_INET_0_0 even though T_INET_1_0 is the preferred member in the matching SD-WAN rule. Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0? Enable snat route change under config system local Enable auxiliary session under config system settings Disable tcp-session without syn under config system settings Disable allow subnet overlap under config system settings.
Refer to the exhibit which shows the IPsec phase 1 configuration of a spoke. What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN? You must disable idle timeout You must set ike version 1 You must enable net device You must enable auto discovery sender.
Refer to the exhibit. Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec? exchange interface ip must be enabled type must be set to static mode cfg must be enabled add route must be disabled.
Refer to the exhibits. Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two) The phase 1 configuration supports the network overlay setting Dead peer detection is disabled FortiGate does not install IPsec static routes for remote protected networks in the routing table FortiGate facilitated the negotiation of the T_NET_1_0_0 ADVPN shortcut over T_INET_1_0.
Refer to the exhibits. Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration. Based on the exhibits, which statements are correct? (Choose two) FortiGate updated the outgoing interface list on the rule so it prefers port2 Port2 has a lower latency than port1 Port2 has the highest member priority SD-WAN rule ID is set to lowest cost (SLA) mode.
Refer to the exhibits. Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table and the member status. The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule. Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule? The traffic will be routed over T_MPLS_0 The traffic will be routed over T_INET_0_0 The traffic will be load balanced across all three overlays The traffic will be routed over T_INET_1_0.
Refer to the exhibits. Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate. Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2 if the administrator increases the static route priority on port2 to 20? (Choose two) FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2 FortiGate flags the sessions as dirty FortiGate continues routing the sessions with no SNAT over port2 FortiGate performs a route lookup for the original traffic only.
Refer to the exhibits. Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status. Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two) FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic Non-TCP Facebook and YouTube are not used for performance measurement FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
Refer to the exhibit. The device exchanges routes using IBGP. Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two) You can run the get router info routing-table database command to display the additional paths ibgp multipath is disabled additional path is enabled Each BGP route is three hops away from the destination.
Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two) FortiGate flushes all sessions FortiGate terminates the old sessions FortiGate does not change existing sessions FortiGate evaluates new sessions.
Refer to the exhibit. Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules? All traffic from a source IP is sent to the most used interface All traffic from a source IP to a destination IP is sent to the same interface All traffic from a source IP to a destination IP is sent to the least used interface All traffic from a source IP is sent to the same interface.
Refer to the exhibit. Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table and the performance SLA status. If port2 is detected dead by FortiGate, what is the expected behavior? The administrator manually restores the static routes for port2 if port2 becomes alive Host 8.8.8.8 is reachable through port1 and port2 FortiGate removes all static routes for port2 Port2 becomes alive after three successful probes are detected.
What is the route-tag setting in an SD-WAN rule used for? To indicate the destination of a rule based on learned BGP prefixes To indicate the members that can be used to route SD-WAN traffic To indicate the routes for health check probes To indicate the routes that can be used for routing SD-WAN traffic.
Which are three key routing principles in SD-WAN? (Choose three) SD-WAN rules have precedence over ISDB routes By default SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member By default SD-WAN members are skipped if they do not have a valid route to the destination Regular policy routes have precedence over SD-WAN rules FortiGate performs route lookups for new sessions only.
In a hub and spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two) It enables spokes to establish shortcuts to third party gateways It provides the benefits of a full mesh topology in a hub and spoke network It provides direct connectivity between spokes by creating shortcuts It enables spokes to bypass the hub during shortcut negotiation.
Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two) dns twamp icmp http.
Which are two benefits of using CLI templates in FortiManager? (Choose two) You can configure advanced CLI settings You can configure interfaces as SD-WAN members without having to remove references first You can reference meta fields You can configure FortiManager to sync local configuration changes made on the managed device to the CLI template.
Which two settings can you configure to speed up routing convergence in BGP? (Choose two) link down failover update source set route tag holdtime-timer.
Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two) FortiManager evaluates new sessions FortiGate flushes all sessions FortiGate does not change existing sessions FortiGate terminates the old sessions.
Refer to the exhibit. Which statement explains the output shown in the exhibit? FortiGate not re-evaluate the session following a firewall policy change FortiGate performed standard FIB routing on the session FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic FortiGate must re-evaluate the session due to routing change.
Refer to the exhibit. An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch 1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0. Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two) T_INET_0_0 does not have a valid route to the destination T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0 The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device T_INET_1_0 has higher member configuration priority than T_INET_0_0.
Refer to the exhibit. Which statement about the role of the ADVPN device in handling traffic is true? Two hubs 10.0.1.101 and 10.0.2.101 are receiving and forwarding queries between each other This is a spoke that has received a query from a remote hub and has forwarded the response to its hub Two spokes 192.2.0.1 and 10.0.2.101 forward their queries to their hubs This is a hub that has received a query from a spoke and has forwarded it to another spoke.
Refer to the exhibit. In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay on the hubs? It instructs the hub to disable the reordering of TCP packets on behalf of the receiver to improve performance It instructs the hub to disable TCP sequence number check which is required for TCP sessions originated from spokes to fail over back and forth between the hubs It instructs the hub to skip content inspection on TCP to improve performance It instructs the hub to not check the ESP sequence numbers on IPsec traffic to improve performance.
Refer to the exhibit. The exhibit shows the SD-WAN rule status and configuration. Based on the exhibit which change in the measured packet loss will make T_INET_1_0 the new preferred member? When T_INET_0_0 has 12% packet loss When all three members have the same packet loss When T_INET_1_0 has 4% packet loss When T_INET_0_0 has 4% packet loss.
Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke. What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN? You must set ike version to 1 You must disable idle timeout You must enable net-device You must enable auto discovery sender.
Refer to the exhibit. The exhibit shows the BGP configuration on the hub in a hub and spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from other spokes and the additional paths. Based on the exhibit, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn other spokes prefixes and their additional paths? (Choose three) Set advertisement interval to the number of additional paths to advertise Enable soft reconfiguration Set additional path to send Set adv-additional-path to the number of additional paths to advertise Enable route reflector client.
Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts? idle timeout auto discovery shortcuts link down failover hold down time.
Refer to the exhibit. Which are two expected behaviors of the traffic that matches the traffic shaper? (Choose two) The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec The number of simultaneous connections among all source IP address cannot exceed five connections The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec The number of simultaneous connections allowed for each source IP address cannot exceed five connections.
Refer to the exhibit. Based on the exhibit, which actions does FortiGate perform on traffic passing through port2? (Choose two) FortiGate always blocks all traffic after a route change FortiGate performs routing lookups for new sessions only after a route change FortiGate does not change the routing information on existing sessions that use a valid gateway after a route change FortiGate flushes all routing information from the session table after a route change.
Refer to the exhibit. Based on the exhibit, which action does FortiGate take? FortiGate port5 after it detects all SD-WAN members as dead FortiGate brings down port5 after it detects all SD-WAN members as dead FortiGate brings up port5 after it detects all SD-WAN members as alive FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.
Refer to the exhibit. Which conclusion about the packet debug flow output is correct? The total of daily sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper and the packet was dropped The packet size exceeded the outgoing interface MTU The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the traffic shaper and the packet was dropped The number of concurrent sessions for 10.1.10.1 exceeded the maximum number of concurrent sessions configured in the firewall policy and the packet was dropped.
Refer to the exhibits. Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy. The administrator wants FortiGate to limit the bandwidth used by online streaming services. When testing, the administrator determines that FortiGate does not apply traffic shaping on streaming traffic. Based on the policies shown in the exhibits, what configuration change must be made so FortiGate applies traffic shaping on streaming traffic? Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy Application control must be enabled on the firewall policy Destination internet service must be enabled on the traffic shaping policy Web filtering must be enabled on the firewall policy.
What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two) FEC improves reliability of noisy links FEC transmits parity packets that can be used to reconstruct packet loss FEC supports hardware offloading FEC can leverage multiple IPsec tunnels for parity packets transmission.
Refer to the exhibit. Exhibit A shows the packet duplication rule configuration, the SD-WAN zone output and the sniffer output on FortiGate acting as the sender. Exhibit B shows the sniffer output on a FortiGate acting as the receiver. The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays but it only receives one reply packet through T_INET_1_0. Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two) On the receiver FortiGate packet duplication is enabled On the sender FortiGate duplication max num is set to 3 The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU.
Refer to the exhibit. Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two) FortiGate can offload the traffic that is subject to passive monitoring to hardware After FortiGate switches to active mode FortiGate never fails back to passive monitoring FortiGate passively monitors the member if TCP traffic is passing through the member During passive monitoring FortiGate can't detect dead members.
Which statement about using BGP for ADVPN is true? You must configure AS path prepending You must configure BGP communities IBGP is preferred over EBGP because IBGP preserves next hop information You must use BGP to route traffic for both overlay and underlay links.
Refer to the exhibit. The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offloading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two) The reply direction of asymmetric traffic flows from port2 to port3 The auxiliary session can be offloaded to hardware The original direction of the symmetric traffic flows from port3 to port2 The main session be offloaded to hardware.
Refer to the exhibit. Which two SD-WAN template member settings support the use of FortiManager meta fields? (Choose two) Cost Interface member Gateway IP Priority.
Refer to the exhibits. Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10. Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration and the route map configuration. The administrator wants to steer corporate traffic using route tags in the SD-WAN rule ID 1. The administrator observes that the corporate traffic does not match the SD-WAN rule ID 1. Based on the exhibits, which configuration change is required to fix the issue? In SD-WAN rule 1 change the destination to use ISDB entries In the dc 1 lab rm route map configuration set set-route tag to 10 In the BGP neighbor configuration apply the route map dc 1 lab rm in the outbound direction In the dc 1 lab rm route map configuration unset match community.
Refer to the exhibit. An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A. After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but expected the traffic to match rule 1. Which two reasons explain why the traffic matched the implicit SD-WAN rule? (Choose two) FortiGate did not refresh the routing information on the session after the application was detected The session 3 tuple did not match any of the existing entries in the ISDB application cache Port1 and Port2 do not have a valid route to the destination Full SSL inspection is not enabled on the matching firewall policy.
Which two statements about the SD-WAN zone configuration are true? (Choose two) You can delete the default zones An SD-WAN member can belong to two or more zones The service sla-tie-break setting enables you to configure preferred member selection based on the best route to the destination The default zones are virtual wan link and SASE.
Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members? diagnose sys sdwan interface diagnose sys sdwan service diagnose sys sdwan zone diagnose sys sdwan member.
What is a benefit of using application steering in SD-WAN? You do not need to enable SSL inspection The traffic always skips the regular policy routes You steer traffic based on the detected application You do not need to configure firewall policies that accept the SD-WAN traffic.
What are two common use cases for remote internet access (RIA)? (Choose two) Provide through inspection on spokes Provide direct internet access on spokes Centralize security inspection on the hub Provide internet access through the hub.
Which two statements are true about using SD-WAN to steer local out traffic? (Choose two) FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local out traffic You must configure each local out feature individually to use SD-WAN By default local out traffic does not use SD-WAN By default FortiGate does not check if the selected member has a valid route to the destination.
What does enabling the exchange interface ip setting enable FortiGate devices to exchange? The tunnel ID of their IPsec interfaces The name of their IPsec interfaces The gateway address of their IPsec interfaces The IP address of their IPsec interfaces.
Refer to the exhibit. The exhibit shows the SD-WAN rule and configuration. Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member? When T_MPLS_0 has latency of 100 ms When T_INET_0_0 and T_MPLS_0 have the same latency When T_MPLS_0 has a latency of 80 ms When T_INET_0_0 has a latency of 250 ms.
Refer to the exhibits. Exhibit A shows a site to site topology between two devices branch 1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc 1_fgt. When branch1_client establishes a connection to dc1_host the administrator observes that on dc1_fgt, the reply traffic is routed over T_INET_0_0 even though T_INET_1_0 is the preferred member in the matching SD-WAN rule. Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0? Enable snat route change under config system global Enable auxiliary session under config system settings Disable allow subnet overlap under config system settings Disable tcp session without syn under config system settings.
Refer to the exhibit which shows the IPsec phase 1 configuration of a spoke. What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN? You must enable auto discovery sender You must set ike version to 1 You must enable net-device You must disable idle timeout.
Refer to the exhibit. Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec? mode cfg must be enabled exchange interface ip must be enabled add route must be disabled type must be set to static.
Refer to the exhibits. Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two) Dead peer detection is disabled FortiGate does not install IPsec static routes for remote protected networks in the routing table The phase 1 configuration supports the networks overlay setting FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.
Refer to the exhibits. Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration. Based on the exhibits, which two statements are correct? (Choose two) FortiGate updated the outgoing interface list on the rule so it prefers port2 SD WAN rule ID 1 is set to lowest cost (SLA) mode Port2 has lower latency than port1 Port2 has the highest member priority.
Refer to the exhibit. Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table and the member status. The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule. Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule? The traffic will be routed over T_MPLS_0 The traffic will be load balanced across all three overlays The traffic will be routed over T_INET_1_0 The traffic will be routed over T_INET_0_0.
Refer to the exhibits. Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate. Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2 if the administrator increases the static route priority on port2 to 20? (Choose two) FortiGate continues routing the sessions with no SNAT over port2 FortiGate updates the gateway information on the sessions with SNAT so that they use port1 instead of port2 FortiGate flags sessions as dirty FortiGate performs a route lookup for the original traffic only.
Refer to the exhibits. Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status. Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two) Non-TCP Facebook and YouTube traffic are not used for performance measurement FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
Refer to the exhibit. The device exchanges routes using IBGP. Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two) ibgp multipath is disabled You can run the get router info routing table database command to display the additional paths Each BGP route is three hops away from the destination additional path is enabled.
Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two) FortiGate does not change existing sessions FortiGate evaluates new sessions FortiGate flushes all sessions FortiGate terminates the old sessions.
Refer to the exhibit. Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules? All traffic from a source IP to a destination IP is sent to the least used interface All traffic from a source IP to a destination IP is sent to the same interface All traffic from a source IP is sent to the same interface All traffic from a source IP is sent to the most used interface.
Refer to the exhibit. Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table and the performance SLA status. If port2 is detected dead by FortiGate, what is the expected behavior? The administrator manually restores the static routes for port2 if port2 becomes alive FortiGate removes all static routes for port2 Port2 becomes alive after three successful probes are detected Host 8.8.8.8 is reachable through port1 and port2.
What is the route tag setting in an SD-WAN rule used for?
- To indicate the destination of a rule based on learned BGP prefixes
- To indicate the routes for health check probes
- To indicate the members that can be used to route SD-WAN traffic
- To indicate the routes that can be used for routing SD-WAN traffic
Which are three key routing principles in SD-WAN? (Choose three)
- By default SD-WAN members are skipped if they do not have a valid route to the destination
- By default SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member
- Regular policy routes have precedence over SD-WAN rules
- FortiGate performs route lookups for new sessions only
- SD-WAN rules have precedence over ISDB routes
In a hub and spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two)
- It provides direct connectivity between spokes by creating shortcuts
- It provides the benefits of a full mesh topology in a hub and spoke network
- It enables spokes to establish shortcuts to third party gateways
- It enables spokes to bypass the hub during shortcut negotiation
Which two performance SLA protocols enable you to verify that server response contains a specific value? (Choose two)
- dns
- twamp
- icmp
- http
Which are two benefits of using CLI templates in FortiManager? (Choose two)
- You can configure interfaces as SD-WAN members without having references first
- You can configure advanced CLI settings
- You can reference meta fields
- You can configure FortiManager to sync local configuration changes made on the managed device to the CLI template
Which two settings can you configure to speed up routing convergence in BGP? (Choose two)
- set route tag
- link down failover
- holdtime timer
- update source
Which two statements about SD-WAN central management are true? (Choose two)
- The objects are saved in the ADOM common object database
- It does not support meta fields
- It supports normalized interfaces for SD-WAN member configuration
- It uses templates to configure SD-WAN on managed devices
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?
- diagnose sys sdwan health check
- diagnose sys sdwan intf sla log
- diagnose sys sdwan log
- diagnose sys sdwan sla-log
Refer to the exhibit that shows VPN event logs on FortiGate. Based on the output shown in the exhibit, which statements are true? (Choose two)
- There is one shortcut tunnel built from master tunnel T_MPLS_0
- The master tunnel T_INET_0 cannot accept the ADVPN shortcut
- The VPN tunnel T_MPLS_0 is a shortcut tunnel
- There are no IPsec tunnel statistics log messages for ADVPN shortcuts
Refer to the exhibit. The administrator used the SD-WAN overlay template to prepare an IPsec tunnel configuration for a hub and spoke SD-WAN topology. The exhibit shows the FortiManager installation preview for one FortiGate device. Based on the exhibit, which statement best describes the configuration applied to the FortiGate device?
- It is a spoke device that establishes dynamic IPsec tunnels to the hub, it can send ADVPN shortcut requests
- It is a spoke device that establishes dynamic IPsec tunnels to the hub. The local subnet range is 10.10.128.0/23
- It is a hub device, it can send ADVPN shortcut offers
- It is a hub device and will automatically discover the spoke devices that are part of the SD-WAN topology
Which statement about SD-WAN zones is true?
- An SD-WAN zone can contain only one type of interface
- You can configure up to 32 SD-WAN zones per VDOM
- You cannot use an SD-WAN zone in static route definitions
- An SD-WAN zone can contain between 0 and 512 members
Which characteristics apply to provisioning templates available on FortiManager? (Choose three)
- A CLI template can be of type CLI script or Perl script
- A template group can include a system template and an SD-WAN template
- A CLI template group can contain CLI templates of both types
- You cannot apply a system template and CLI template to the same FortiGate device
- CLI templates are applied in order from top to bottom
The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the task performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three)
- Create policy packages for branch devices
- Configure routing through overlay tunnels created by the SD-WAN overlay template
- Assign an swan_id metadata variable to each device (branch and hub)
- Configure SD-WAN rules
- Assign a branch_id metadata variable to each branch device
What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two)
- Packet duplication uses smaller parity packets which results in less bandwidth consumption
- Packet duplication supports hardware offloading
- Packet duplication does not require a route to the destination
- Packet duplication can leverage multiple IPsec overlays for sending additional data
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub and spoke topology? (Choose two)
- The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template
- It guides the administrator to use Fortinet recommended settings
- It automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM
- It ensures consistent settings between phase1 and phase2
Refer to the exhibits. Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two)
- UDP port 4500 is used for IPsec VPN traffic (ESP)
- FortiGate does not install IPsec static routes for remote protected networks in the routing table
- FortiGate facilitated the negotiation of the T_INET_1_0 ADVPN shortcut over T_INET_1
- The phase1 configuration supports the network overlay setting
Refer to the exhibit, which shows output of the command diagnose sys sdwan health check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two)
- The health check VPN PINMG orders the members according to the measured jitter
- There is no SLA criteria configured for the health check Level3_DNS
- The interface T_INET_1 missed one SLA target
- The interface T_INET_0 missed three SLA targets
Refer to the exhibits. Exhibit A shows two IPsec templates to define Branch IPsec 1 and Branch_IPsec_2. Each template defines a VPN tunnel. Exhibit B shows the error messages that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device. Which statement best explains the cause for this issue?
- You can assign only one template with a tunnel of type static to each FortiGate device
- You can define only one IPsec tunnel from branch devices to HUB1
- You should review the branch1_fgt configured tunnel with the name HUB1 VPN2
- You can assign only one IPsec template to each FortiGate device
What is true about SD-WAN multiregion topologies?
- Regions must correspond to geographical areas
- Each region has its own SD-WAN topology
- It is not compatible with ADVPN
- Routing between the hub and spokes must be BGP
The administrator uses the FortiManager SD-WAN overlay template to prepare an SD-WAN deployment. With information provided through the SD-WAN overlay template wizard, FortiManager creates templates ready to install on spoke and hub devices. Select three templates created by the SD-WAN overlay template for a spoke device. (Choose three)
- Overlay template
- CLI template
- IPsec tunnel template
- System template
- BGP template
Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI. Based on the exhibit, which statement is true?
- The overlay zone contains four members
- You can delete the virtual wan link zone because it contains no member
- You can move port1 from the underlay zone to the overlay zone
- The corporate zone contains no member
Within IPsec tunnel templates available on FortiManager, which template will you use to configure static tunnels for a hub and spoke topology?
- Hub_IPsec_Recommended
- IPsec_Fortinet_Recommended
- Branch_IPsec_Recommended
- Static_IPsec_Recommended
Refer to the exhibits. Exhibit A shows a policy package definition. Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices. Based on the output shown in the exhibits, what can the administrator do to solve the issue?
- Use a metadata variable instead of a dynamic interface to define the firewall policy
- Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt
- Create dynamic mapping for the LAN interface for all devices in the installation target list
- Policies can refer to only one LAN interface, keep only the D-LAN which is the dynamic LAN interface
Which two statements about the SD-WAN members are true? (Choose two)
- Interfaces of type VLAN can be used as SD-WAN members
- Interfaces of type virtual wire pair can be used as SD-WAN members
- You can manually define the SD-WAN members sequence number
- An SD-WAN member can belong to two or more SD-WAN zones
In which SD-WAN template field can you use a metadata variable?
- Any field identified with a dollar sign ($) in a magnifying glass
- Any field identified with an "M" in a circle
- All SD-WAN template fields support metadata variables
- You can use metadata variables only to define interface members and the gateway IP
The exhibit shows output of the command diagnose sys sdwan service collected on a FortiGate device. The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HQ servers 10.0.0.1. Based on the exhibits, which two statements are correct? (Choose two)
- FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2
- When FortiGate cannot recognize the application of the flow, it steers the traffic destined to server 10.0.0.1 according to service rule 3
- FortiGate steers traffic to HQ servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected
- There is no service defined for the Salesforce application so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two)
- All SD-WAN rules have the default and gateway setting enabled
- Traffic does not match any of the entries in the policy route table
- Traffic is load balanced using the algorithm set for the v4 ecmp mode setting
- The session information output displays no SD-WAN specific details