Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free Fortinet NSE7_SDW-7.2 Practice Exam with Questions & Answers | Set: 2

Questions 11

Which two statements reflect the benefits of implementing the ADVPN solution to replace conventional VPN topologies? (Choose two.)

Options:
A.

It creates redundant tunnels between hub-and-spokes, in case failure takes place on the primary links.

B.

It dynamically assigns cost and weight between the hub and the spokes, based on the physical distance.

C.

It ensures that spoke-to-spoke traffic no longer needs to flow through the tunnels through the hub.

D.

It provides direct connectivity between all sites by creating on-demand tunnels between spokes.

Fortinet NSE7_SDW-7.2 Premium Access
Questions 12

Which diagnostic command can you use to show the SD-WAN rules, interface information, and state?

    diagnose sys sdwan service

    diagnose sys sdwan route-tag-list

    diagnose sys sdwan member

Options:
A.

diagnose sys sdwan neighbor

Questions 13

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)

Options:
A.

VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

B.

FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

C.

IPsec recommended template guides the administrator to use Fortinet recommended settings.

D.

IPsec recommended template ensures consistent settings between phase1 and phase2

Questions 14

Which are two benefits of using CLI templates in FortiManager? (Choose two.)

Options:
A.

You can reference meta fields.

B.

You can configure interfaces as SD-WAN members without having to remove references first.

C.

You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.

D.

You can configure advanced CLI settings.

Questions 15

Refer to the exhibit.

NSE7_SDW-7.2 Question 15

Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?

Options:
A.

type must be set to static.

B.

mode-cfg must be enabled.

C.

exchange-interface-ip must be enabled.

D.

add-route must be disabled.

Questions 16

Refer to the exhibit.

NSE7_SDW-7.2 Question 16

Which statement about the role of the ADVPN device in handling traffic is true?

Options:
A.

An IKE session is established between 10.0.1.101 and 10.0.2.101 in the process of forming a shortcut tunnel.

B.

This is a hub that has received an offer from a spoke and has forwarded it to another spoke.

C.

Two spokes. 192.2. 1 and 10.0.2.101. establish a shortcut.

D.

This is a spoke that has received an offer from a remote hub.

Questions 17

Refer to the exhibit.

NSE7_SDW-7.2 Question 17

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?

Options:
A.

The type of traffic defined and allowed on firewall policy ID 1 is UDP.

B.

FortiGate has terminated the session after a change on policy ID 1.

C.

Changes have been made on firewall policy ID 1 on FortiGate.

D.

Firewall policy ID 1 has source NAT disabled.

Questions 18

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two.)

Options:
A.

It ensures consistent settings between phase1 and phase2.

B.

It guides the administrator to use Fortinet recommended settings.

C.

It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

D.

The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

Questions 19

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?

Options:
A.

hold-down-time

B.

link-down-failover

C.

auto-discovery-shortcuts

D.

idle-timeout

Questions 20

What is the route-tag setting in an SD-WAN rule used for?

Options:
A.

To indicate the routes for health check probes.

B.

To indicate the destination of a rule based on learned BGP prefixes.

C.

To indicate the routes that can be used for routing SD-WAN traffic.

D.

To indicate the members that can be used to route SD-WAN traffic.

Exam Code: NSE7_SDW-7.2
Certification Provider: Fortinet
Exam Name: Fortinet NSE 7 - SD-WAN 7.2
Last Update: Jul 15, 2025
Questions: 99

Fortinet Related Exams

How to pass Fortinet NSE7_ADA-6.3 - Fortinet NSE 7 - Advanced Analytics 6.3 Exam
How to pass Fortinet NSE7_EFW-7.0 - Fortinet NSE 7 - Enterprise Firewall 7.0 Exam
How to pass Fortinet NSE7_LED-7.0 - Fortinet NSE 7 - LAN Edge 7.0 Exam
How to pass Fortinet NSE7_SDW-7.0 - Fortinet NSE 7 - SD-WAN 7.0 Exam
How to pass Fortinet NSE7_OTS-7.2 - Fortinet NSE 7 - OT Security 7.2 Exam
How to pass Fortinet NSE7_PBC-7.2 - Fortinet NSE 7 Public Cloud Security 7.2 (FCSS) Exam
How to pass Fortinet NSE7_EFW-7.2 - Fortinet NSE 7 - Enterprise Firewall 7.2 Exam
How to pass Fortinet NSE7_ZTA-7.2 - Fortinet NSE 7 - Zero Trust Access 7.2 Exam
FCP_WCS_AD-7.4 - FCP - AWS Cloud Security 7.4 Administrator
NSE6_FAD-6.2 - Fortinet NSE 6 - FortiADC 6.2
FCSS_CDS_AR-7.6 - FCSS - Public Cloud Security 7.6 Architect
NSE6_FAC-6.1 - Fortinet NSE 6 - FortiAuthenticator 6.1
FCP_FAC_AD-6.5 - FCP - FortiAuthenticator 6.5 Administrator
NSE6_FSA-4.2 - Fortinet NSE 6 - FortiSandbox 4.2
NSE6_FSW-6.4 - Fortinet NSE 6 - FortiSwitch 6.4
Fortinet Free Access
Get Fortinet Full Access

Fortinet Free Exams
Fortinet Free Exams
Access free Fortinet exam study guides and practice tests at Examstrack. Ensure your success with top-notch preparation resources at Examstrack.