Fortinet FCSS_SDW_AR-7.4 Exam Questions and Answers, FCSS - SD-WAN 7.4 Architect | SPOTO


Question #1
Refer to the exhibits. Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate. Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)
A. FortiGate flags the sessions as dirty
B. FortiGate continues routing the sessions with no SNAT, over port2
C. FortiGate performs a route lookup for the original traffic only
D. FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2
Correct Answer: AD
Question #2
What three characteristics apply to provisioning templates available on FortiManager? (Choose three.)
A. You can apply a system template and a CLI template to the same FortiGate device
B. A CLI template can be of type CLI script or Perl script
C. A template group can include a system template and an SD-WAN template
D. A template group can contain CLI templates of both types
E. Templates are applied in order, from top to bottom
Correct Answer: ABDE
Question #3
Refer to the exhibits. An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A. After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1. Which two reasons explain why the traffic matched the implicit
A. FortiGate did not refresh the routing information on the session after the application was detected
B. Port1 and port2 do not have a valid route to the destination
C. Full SSL inspection is not enabled on the matching firewall policy
D. The session 3-tuple did not match any of the existing entries in the ISDB application cache
Correct Answer: ABC
Question #4
Exhibit. The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)
A. The health-check VPN_PING orders the members according to the lowest jitter
B. The interface T_INET_1 missed one SLA target
C. There is no SLA criteria configured for the health-check Level3_DN
D. The interface T_INET_0 missed three SLA targets
Correct Answer: AC
Question #5
Refer to the exhibits. Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt. When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule. Based on the information shown in the exhibits, what configuration ch
A. Enable auxiliary-session under config system settings
B. Disable tcp-session-without-syn under config system settings
C. Enable snat-route-change under config system global
D. Disable allow-subnet-overlap under config system settings
Correct Answer: A
Question #6
Refer to the exhibits.
A. You can assign only one template with a tunnel of type static to each FortiGate device
B. You can define only one IPsec tunnel from branch devices to HUB1
C. You can assign only one IPsec template to each FortiGate device
D. You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2
Correct Answer: C
Question #7
Which three matching traffic criteria are available in SD-WAN rules? (Choose three.)
A. Type of physical link connection
B. Internet service database (ISDB) address object
C. Source and destination IP address
D. URL categories
E. Application signatures
Correct Answer: ABCE
Question #8
Refer to the exhibit. Which statement about the role of the ADVPN device in handling traffic is true?
A. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub
B. Two hubs, 10
C. This is a hub that has received a query from a spoke and has forwarded it to another spoke
D. Two spokes, 192
Correct Answer: C
Question #9
Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?
A. hold-down-time
B. link-down-failover
C. auto-discovery-shortcuts
D. idle-timeout
Correct Answer: A
Question #10
Refer to the exhibit. The device exchanges routes using IBGP. Which two statements are correct about the IBGP configuration and routing information on the device? (Choose two.)
A. Each BGP route is three hops away from the destination
B. ibgp-multipath is disabled
C. additional-path is enabled
D. You can run the get router info routing-table database command to display the additional paths
Correct Answer: ACD
Question #11
Which two settings can you configure to speed up routing convergence in BGP? (Choose two.)
A. update-source
B. set-route-tag
C. holdtime-timer
D. link-down-failover
Correct Answer: ACD
Question #12
What are two benefits of using the Internet service database (ISDB) in an SD-WAN rule? (Choose two.)
A. The ISDB is dynamically updated and reduces administrative overhead
B. The ISDB requires application control to maintain signatures and perform load balancing
C. The ISDB applies rules to traffic from specific sources, based on application type
D. The ISDB contains the IP addresses and port ranges of well-known internet services
Correct Answer: AD
Question #13
The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.)
A. Assign an sdwan_id metadata variable to each device (branch and hub)
B. Assign a branch_id metadata variable to each branch device
C. Create policy packages for branch devices
D. Configure SD-WAN rules
E. Configure routing through overlay tunnels created by the SD-WAN overlay template
Correct Answer: ABCD
Question #14
Refer to the exhibit. An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0. Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
A. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device
B. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0
C. T_INET_0_0 does not have a valid route to the destination
D. T_INET_1_0 has a higher member configuration priority than T_INET_0_0
Correct Answer: AC
Question #15
Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups. Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)
A. London generates an IKE information message that contains the Toronto public IP address
B. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VP
C. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1
D. The first packets from Toronto to London are routed through Hub 1 then to Hub 2
Correct Answer: ABC
Question #16
Refer to the exhibit. The exhibit shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?
A. When all three members have the same packet loss
B. When T_INET_0_0 has 4% packet loss
C. When T_INET_0_0 has 12% packet loss
D. When T_INET_1_0 has 4% packet loss
Correct Answer: A
Question #17
Refer to the exhibits. Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on FortiGate acting as the sender. Exhibit B shows the sniffer output on a FortiGate acting as the receiver. The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1_0. Based on the
A. On the receiver FortiGate, packet-de-duplication is enabled
B. The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way
C. The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NP
D. On the sender FortiGate, duplication-max-num is set to 3
Correct Answer: A
Question #18
What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology? (Choose two.)
A. VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template
B. FortiManager automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADO
C. IPsec recommended template guides the administrator to use Fortinet recommended settings
D. IPsec recommended template ensures consistent settings between phase1 and phase2
Correct Answer: AB
Question #19
Refer to the exhibit. Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?
A. All traffic from a source IP to a destination IP is sent to the same interface
B. All traffic from a source IP is sent to the same interface
C. All traffic from a source IP is sent to the most used interface
D. All traffic from a source IP to a destination IP is sent to the least used interface
Correct Answer: A
Question #20
Refer to the exhibits. Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status. The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule. Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
A. The traffic will be load balanced across all three overlays
B. The traffic will be routed over T_INET_0_0
C. The traffic will be routed over T_MPLS_0
D. The traffic will be routed over T_INET_1_0
Correct Answer: D
Question #21
Which statement about SD-WAN zones is true?
A. An SD-WAN zone can contain only one type of interface
B. An SD-WAN zone can contain between 0 and 512 members
C. You cannot use an SD-WAN zone in static route definitions
D. You can configure up to 32 SD-WAN zones per VDO
Correct Answer: B
Question #22
What are two common use cases for remote internet access (RIA)? (Choose two.)
A. Provide direct internet access on spokes
B. Provide internet access through the hub
C. Centralize security inspection on the hub
D. Provide thorough inspection on spokes
Correct Answer: ABC
Question #23
Which are three key routing principles in SD-WAN? (Choose three.)
A. FortiGate performs route lookups for new sessions only
B. Regular policy routes have precedence over SD-WAN rules
C. SD-WAN rules have precedence over ISDB routes
D. By default, SD-WAN members are skipped if they do not have a valid route to the destination
E. By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member
Correct Answer: ABDE
Question #24
Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?
A. diagnose sys sdwan sla-log
B. diagnose sys sdwan health-check
C. diagnose sys sdwan intf-sla-log
D. diagnose sys sdwan log
Correct Answer: A
Question #25
Which statement about using BGP for ADVPN is true?
A. You must use BGP to route traffic for both overlay and underlay links
B. You must configure AS path prepending
C. You must configure BGP communities
D. IBGP is preferred over EBGP, because IBGP preserves next hop information
Correct Answer: D
Question #26
Refer to the exhibit. Based on the exhibit, which action does FortiGate take?
A. FortiGate bounces port5 after it detects all SD-WAN members as dead
B. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead
C. FortiGate brings up port5 after it detects all SD-WAN members as alive
D. FortiGate brings down port5 after it detects all SD-WAN members as dead
Correct Answer: A
Question #27
What is the route-tag setting in an SD-WAN rule used for?
A. To indicate the routes for health check probes
B. To indicate the destination of a rule based on learned BGP prefixes
C. To indicate the routes that can be used for routing SD-WAN traffic
D. To indicate the members that can be used to route SD-WAN traffic
Correct Answer: B
Question #28
Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)
A. SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements
B. Member metrics are measured only if an SLA target is configured
C. When configuring an SD-WAN rule you can select multiple SLA targets of the same performance SLA
D. SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy
Correct Answer: AD
Question #29
Exhibit. The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?
A. There are no IPsec tunnel statistics log messages for ADVPN cuts
B. There is one shortcut tunnel built from master tunnel T_MPLS_0
C. The VPN tunnel T_MPLS_0 is a shortcut tunnel
D. The master tunnel T_INET_0 cannot accept the ADVPN shortcut
Correct Answer: C
Question #30
Refer to the exhibit. Which statement explains the output shown in the exhibit?
A. FortiGate performed standard FIB routing on the session
B. FortiGate will not re-evaluate the session following a firewall policy change
C. FortiGate used 192
D. FortiGate must re-evaluate the session due to routing change
Correct Answer: D
