naoteinteressa
COMMENTS |
STATISTICS |
RECORDS
|
|---|
TAKE THE TEST
|
Title of test: naoteinteressa Description: cuida do seu Creation Date: 2025/04/07 Category: Others Number of questions: 70
|
Share the Test:
Nuevo Comentario
| New Comment |
|---|
NO RECORDS |
Content:
|
1- Which two statements about SLA targets and SD-WAN rules are true? (Choose
two)? A. SD-WAN rules use SI A targets to check if the preferred members meet the
SLA requirements. B. Member metrics are measured only if an SLA target is configured. C. When configuring an SD-WAN rule, you can select multiple SLA targets of
the same performance SLA D. SLA targets are used only by SD-WAN rules that are configured with Lowest
Cost (SLA) or Maximize Bandwidth (SLA) as strategy. 2- The device exchanges routes using IBGP. Which two statements are correct about the IBGP confguration and routing information on the device? (Choose two-) A. Each BGP route is three hops away from the destination. B. is disabled. C. You can run the get info rout±ng-table database command to display the additional paths. D. Additional-path is enabled. 3- Which configuration change is required ifthe responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec? A. type must be set to static. B. add-route must be disabled. C. mode-cfg must be enabled. D. Exchange-interface-ip must be enabled. 4- Which diagnostic command can you use to show the configured SD-WAN zones and their assigned members? A. diagnose sys sdwan B. diagnose sys sdwan interface C. diagnose sys sdwan zone D. diagnose sys sdwan service. 5- Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDS of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status. Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two)? A. Non-TCP Facebook and YouTube trafic are not used for prformance measurement. B. FortiGate is unable to measure jitter and packet loss on Facebook and YouTube trafic. C. The performance is an average of the metrics measured for Facebook and YouTube trafic passing through the member. D. FortiGate identifies the member as dead when there is no Facebook and trafic passing through the member. 6- Exhibit A shows a policy package definition- Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devicesBased on the output shown in the exhibits, What can the administrator do to solve the issue? A. Create dynamic mapping for the LAN interface for all devices in the installation target list. B. Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface. C. Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt. D. Use a metadata variable instead of a dynamic interface to define the firewall policy. 7- What is true about SD-WAN multiregion topologies? A. It is not compatible with ADVPN. B. Routing between the hub and spokes must be BGP. C. Regions must correspond to geographical areas. D. Each region has its own SD-WAN topology . 8- In a dual-hub hub-and-spoke SD-WAN deployment, which is a benefit of disabling the anti-replay setting on the hubs? A. It instructs the hub to skip content inspection on TCP trafic, to improve performance. B. It instructs the hub to not check the ESP sequence numbers on IPsec trafic, to improve performance. C. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back and forth between the hubs. D. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance. 9- Based on the output, which two conclusions are true? (Choose two.) A. Entry I (id=l) is a regular policy route. B. There is more than one SD-WAN rule configured. C. The SD-WAN rules take precedence over regular policy routes. D. The rule represents the implicit SD-WAN rule. 10- Which statement is correct about SD-WAN and ADVPN? A. SD-WAN can steer trafic to ADVPN shortcuts only for rules defined with strategy manual or best quality. B. SD-WAN does not monitor the health and performance of ADVPN shortcuts. C. SD-WAN cannot steer trafic to ADVPN shortcuts established over IPSec overlays if the zone contains physical interfaces. D. SD-WAN can steer trafic to ADVPN shortcuts established over IPsec overlays configured as SD-WAN members. 11- Exhibit A shows a site-to-site topology between two FortiGate devices: branchl_fgt and dcl fgt. Exhibit B shows the system global and system settings configuration on dcl_fgt. When branchl_client establishes a connection to dcl_host, the administrator observes that, on dcl_fgt, the reply trafic is routed over T INET 0_0, even though T INET_I_O is the preferred member in the matching SD-WAN rule. 3ased on the information shown in the exhibits, What confguration change must be made on dcl_fgt so dcl_fgt routes the reply trafic over T_INET 1_0? A. Disable tcp-session-without-syn under config system settings. B. Disable allow-subnet-overlap under config system settings. C. Enable auxiliary—session under config system settings. D. Enable snat-rounte-change config system global. 12- Which two statements are correct about the health check status on this FortiGate device? (Choose two.) A. The interface T_INET O missed three SLA targets. B. The interface T_INET I missed one SLA target. C. There is no SLA criteria configured for the health-check Leve13_DNS. D. The health-check VPN PING orders the members according to the measured jitter. 13- In which SD-WAN template field can you use a metadata variable? A. You can use metadata variables only to define interface members and the gateway IP_ B. Any field identified with a dollar sign (S) in a magnifring glass. C. Any field identified with an "M" in a circle. D. All SD-WAN template fields support metadata variables. 14- The administrator used the SD-WAN overlay template to prepare an IPsec tunnels configuration for a hub-and-spoke SD-WAN topology- The exhibit shows the FortiManag installation preview for one FortiGate device. Based on the exhibit, which statement best describes the configuration applied to the FortiGate device? A. It is a spoke device that establishes dynamic IPsec tunnels to the hub- It can send ADVPN shortcut requests. B. It is a hub device. It can send ADVPN shortcut offers. C. It is a hub device and will automatically discover the spoke devices that are part of the SD-WAN topology D. It is a spoke device that establishes dynamic IPsec tunnels to the hub- The local subnet range is 10.10.128.0/23. 15- What are two benefits of choosing packet duplication over FEC for data Ioss correction on noisy links? (Choose two-) A. Packet duplication does not require a route to the destination. B. Packet duplication can leverage multiple IPsec overlays for sending additional data. C. Packet duplication supports hardware omoading. D. Packet duplication uses smaller parity packets which results in less bandwidth consumptiom. 16- Which statement about the role of the ADVPN device in handling trafic is true? A. Two spokes, 192 . 2 . O.1 and 10. O . 2 . 202, forward their queries to their hubs. B. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub- C. This is a hub that has received a query from a spoke and has forwarded it to another spoke D. Two hubs, . O . .101 and . O . 2 . 202, are receiving and forwarding queries between each other. 17- The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware offoading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.) A. The main session cannot be omoaded to hardware B. The original direction of the symmetric trafic flows from port3 to port2 C. The reply direction of the asymmetric trafic flows from port2 to port3 D. The auxiliary session can be offoaded to hardware. 18- An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibt A. After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnatyzer, which is shown in exhibt B. The administrator noticed that the traffic matched the impficit traffic to match rule 01. Which two reasons explain why some log messages show that the traffic matched the irnplict SO-WAN rule? (Choos.e two.) A. Portl and port2 do not have a valid route to the destinatjon. B. The session 3-tuple did not match any of the existing enfries in the ISOB application cache. C. Ful SSL inspection is not enabled on the matching firewall poucy. D. FortiGate did not refresh the routing information on the session after the application was detected. 19- The exhibit shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured latency will make T_MPLS_O the new preferred rnernber? A. When has a latency of 250 ms. B. When has a latency of 80 ms. C. When and T_MPLS_O have the same latency. D. When T_MPLS_O has a latency of 100 ms. 20- Two hub-and-spoke groups are connected through a site-to-site Psec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups. Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.) A. London generates an KE inforrnation rnessage that contains the Toronto public P address. B. The first packets from Toronto to London are routed through Hub 1 then to Hub 2. C. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN. D. Toronto needs to establish a sie-to-ste tunnel wth Hub 2 to bypass Hub 1. 21- Exhibit A shows an SD-WAN event log and exhibtt B shows the member status and the SD-WAN rule configuration. Based on the exhibtts, which two statements are correct? (Choose two.) A. FortGate updated the outgoing interface list on the rule so it prefers port2. B. Port2 has the highest member priority. C. SD-WAN rule 01 is set to Iowest cost (SLA) mode. D. Port2 has a Iower latency than port. 22- What are two beneftts of using forward error correction (FEC) in Psec VPNs? (Choose two.) A. FEC can multiple IPsec tunnels for parity packets transmission. B. FEC transmis parity packets that can be used to reconstruct packet loss. C. FEC improves refiability of noisy Ínks. D. FEC supports hardware offloading. 23- Theexhibtshows output ofthe command diagnose sys savan collected on a Fortcatedevice. The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HQ servers 10.0.0.1. Based on the exhibts, which two statements are correct? (Choose two.) A. There is no service demed for the Salesforce application, so FortGate will use the service rule 3 and steer the traffic through interface T_HQI . B. FortGate steers traffic to HQ servers according to service rule 1 and it uses portl or port2 because both interfaces are selected. C. When FortGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 accordiing to service rule 3. D. FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2. 24- Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.) A. Thesessioninformation output displays no SD-WAN-specificdetails. B. Ail SD-WAN rules have the default and gateway setting enabled. C. Cl C. Trafficdoes not match any of the entries in the poficy route table. D. Traffic is load balanced using the algorithm set for the setting. 25- Based on the exhibtt, which statement is true? A. You can move portl from the underlay zone to the overlay zone. B. You can delete the virtuaLwan-fink zone because it contains no member. C. The corporate zone cmtains no member. D. The overlay zone contains four members. 26- The exhibit shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured packet lass will make the new preferred member? A. When has 4% packet loss. B. When has 12% packet loss. C. When has 4% packet loss. D. When all three meneóers have the same packet lass. 27- Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status. The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule. Based on the exhibits, What can the administrator expect for traffic matching the SD-WAN rule? A. The traffic will be load balanced across all three overlays. B. The traffic will be routed over T_INET_1_0 C. The traffic will be routed over T_INET_0_0 D. The traffic will be routed over T_MPLS_0. 28- Which statement about the role of the ADVPN device in handling traffic is true? A. This is a spoke that has received an Offer from a remote hub. B. Two spokes, 192.2.0.1 and 10.0.2.101 , establish a shortcut. C. This is a hub that has received an offer from a spoke and has forwarded it to another spoke. D. An KE session is established between 10.0.1.101 and 10.02.101 in the process of forming a shortcut tunnel. 29- What must you configure on the Psec phase 1 configuration for ADVPN to work wth SD-WAN? A. You must disable idle—timeout. B. You must set ike-version to 1. C. You must enable auto-discovery-sender D. You must enable net—device. 30- Which statement explains the output shown in the exhibt? A. FortiGate performed standard FIB routing on the session. B. FortiGate will not re-evaluate the session following a firewall poficy change. C. FortiGate used 192 .2 . o. as the gateway for the original direction of the traffic. D. FortiGate must re-evaluate the session due to routing change. 31- Exhibt A shows the SD-WAN performance SLA and exhbt B shows the SD-WAN member status, the routing table, and the performance SLA status. If port2 is detected dead by FortGate, What is the expected behavior? A. Host 8.8.8.8 is reachable through portl and port2. B. Port2 becomes afive ater three successful probes are detected. C. The administrator manualty restores the static routes for port2, if port2 becomes alive. D. FortGate disables al static routes for port2. 32- Which three characteristics appty to provisioning templates available on FortiManager? (Choose three.) A. You cannot appty a system template and CLI template to the same FortiGate device. B. A CLI template can be oftype CLI script or Perl script C. A CLI template group can contain CLI templates of both types. D. A template group can include a system template and an SD-WAN template. E. CLI templates are appfied in order, from top to bottom. 33- Based on the exhibit, which two actions does FortiGate perform on traffic passing through port2? (Choose two.) A. FortiGate does not change the routing information on existingsessions that use a valid gateway, ater a route change. B. FortGate always blocks au traffic, ater a route change. C. FortiGate performs routing lookups for new sessions only, ater a route change. D. FortiGate flushes routing information from the session table, after a route change. 34- An administrator is troubleshoothg SD-WAN on FortiGate. A device behind branchl_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule 01 and the traffic is routed over T_INET_I. 3ased on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.) A. T_INET_I has a Iower route priorty value (higher priority) than T_INET_O. B. The traffic matches a regular policy route configured with T_INET_I as the outgoing device. C. T_INET_I has a higher member configuration priorty than D. T INET O does not have a valid route to the destination. 35- Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.) A. By default, FortiGate does not check if the selected member has a valid route to the B. You must configure each local-out feature individuaty, to use SD-WAN. C. By default, locavout traffic does not use SD-WAN. D. Fortcate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic. 36- Which are three key routing principies in SD-WAN? (Choose three.) A. By defaut, SD-WAN members are skipped if they do not have a valid route to the destination. B. By defaut, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member. C. FortiGate performs route lookups for new sessions onty. D. SD-WAN rules have precedence over ISDB routes. E. Regular poucy routes have precedence over SD-WAN rules. 37- Which two statements about the SD-WAN members are true? (Choose two.) A. Interfaces of type virtual wire pair can be used as SD-WAN members B. You can manualty define the SD-WAN members sequence number. C. An SD-WAN member can belong to two or more SD-WAN zones. D. Interfaces of type VLAN can be used as SD-WAN members. 38- What is a benefit of using application steering in SD-WAN? A. The traffic always skips the regular poficy routes. B. You do not need to configure firewall poficies that accept the SDWAN traffic. C. You steer traffic based on the detected application. D. You do not need to enable SSL inspection. 39- What does enabling the setting enable FortiGate devices to exchange? A. ThetunnelO oftheirPsec interfaces. B. name of their Psec interfaces. C. The gateway address of their Psec interfaces. D. ThePaddress oftheirlPsec interfaces. 40- Which two interfaces are considered overlay Enks? (Choose two. A. Psec B. LAG C. Physical D. GRE. 41- Which three matching traffic crieria are available in SD-WAN rules? (Chocse three.) A. Type of physical link connection B. Source and destination P address C. IJRL categories D. Apphcation categories E. Internet service database (ISDB) address object. 42- Two hub—and-spoke groups are connected through a site-to-site Psec VPN between Hub 1 and Hub 2. Which two configuration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.) A. On the hubs, net—device must be enabled on all Psec VPNs. B. must be enabled on al Psec VPNs. C. On the spokes, must be enabled on the Psec VPN to the hub. D. On the hubs, must be enabled on the Psec VPNs to spokes. 43- The administrator uses the FortiManager SD-WAN overlay template to prepare an SD-WAN deployment Wth information provided through the SD-WAN overlay template wizard, FortiManager create templates ready to instal on spoke and hub devices. Select three templates created by the SD-WAN overlay template for a spoke deviE (Chocse three.) A. Psec tunnel template B. BGP template C. Overlay template D. System template E. CLI template. 44- Which two statements about the Psec VPN configuration and the status of the Psec VPN tunnel are true? (Choose two.). A. The phase 1 configuration supports the network-overlay setting. B. FortiGate does not install Psec static routes for remote protected networks in the routing table. C. UDP port 4500 is used for Psec VPN traffic (ESP). D. FortiGate facilitated the negotiation of the T_INET_I_O ADVPN shortcut over T_INET_I. 45- Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate. 3ased on the exhibts, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two) A. FortiGate continues routing the sessions wth no SNAT, over port2. B. FortGate updates the gateway information of the sessions wth SNAT so that they use portl instead of port2. C. FortGate flags the sessions as dirty. D. FortGate performs a route lookup for the original traffic onty. 46- Which algorthm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules A. Al traffic from a source P is sent to the rnost used interface. B. Al traffic from a source P to a destination IP is sent to the same interface. C. Al traffic from a source P is sent to the same interface. D. Al traffic from a source P to a destination IP is sent to the least used interface. 47- What is the zoute—tag setting in an SD-WAN rule used for? A. To indicate the routes that can be used for routing SD-WAN traffic. B. To indicate the rnernbers that can used to route SD-WAN traffic. C. To ridicat the routes for heath check probes. D. To indicate destination of a rule based on learned BGP prefixes. 48 - What are two benefits of using CLI ternplates in FortiManager? (Choose two.) A. You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template. B. You can configure advanced CLI settings. C. You can configure interfaces as SD-WAN members wthout having to remove references first. D. You can reference myetadata variables. Exhibit A shows two Psec templates to define BranchPsec_1 and Branch_lPsec_2. Each template defines a VPN tunnel. Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device. Which statement best explain the cause for this issue? A. You shouz review the branchl_fgt configuration for the already configured tunnel with the name HUB1-VPN2. B. You can define onty one Psec tunnel from branch devices to HUBI. C. You can assign onty one template with a tunnel oftype static to each FortiGate device. D. You can assign onty one Psec template to each FortiGate device. 50- The exhibit shows the BGP configuration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise prefixes from spokes to other spokes over the IPsec overlays, additional paths. However, when looking at the spoke routing table, the administrator does not see the prefixes from Other spokes and the additional paths. Based on the exhibt, which three settings must the administrator configure inside each BGP neighbor group so spokes can learn Other spokes prefixes and their additional paths? (Choose three.) A. Enable soft-reconfiguration B. Enable router-reflector-client C. Set additional—path to send D. Set to the number of additional paths to advertise E. Set to the number of addtional paths to advertise. 51- Within Psec tunnel templates available on FortWanager, which ternplate wil you use to configure static tunnels for a hub and spoke topology? A. Hub Psec Recornrnended B. Static Psec Recornrnended C. Psec Fortinet Recommended D. Branch_IPsec_recommended. 52- Based on the exhibit, which two statements are correct about the heath of the selected members? (Chocse two A. After FortGate switches to active mode, the SLA performance rule never fallsback to passive mon. B. FortGate passivety montors the rnernber if TCP traffic is passing through the member. C. FortiGate can offload the traffic that is subject to passive montoring to hardware. D. During passive montoring, the SI A performance rule cannot detect dead members. 53- Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes? A. diagnose sys sdwan sla—log B. diagnose sys sdwan Iog C. diagnose sys sdwan health—check D. diagnose sys sdwan intf-sla-log. 54- The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be perforrned? (Choose three.) A. Assign an sdwan_id metadata variable to each device (branch and hub). B. Assign a branch_id rnetadata variable to each branch device. C. Create policy packages for branch devices. D. Con figure SD-WAN rules. E. Configure routing through overlay tunnels created by the SD-WAN overlay template. 55- Which two statements about the SD-WAN zone configuration are true? (Choose two.) A. You can use the setting to configure preferred mernber selection based on the best route to the destination. B. The default zone is virtuaLwan-fink. C. You can delete the defaut zones. D. An SD-WAN member can belong to two or more zones. 56- In a hub-anci-spoke topology, What are two advantages of enabling ADVPN on the Psec overlays? (Choose two.) A. tt provides the benefts of a ful-mesh topology in a hub-and-spoke network. B. tt enables spokes to establish shortcuts to third-party gateways. C. tt provides direct connectivty between spokes by creating shortcuts. D. tt enables spokes to bypass the hub during shortcut negotiation. 57- What are two advantages of using an Psec recommended template to configure an Psec tunnel in an hub-and-spoke topology? (Choose two.) A. t ensures consistent settings between phasel and phase2. B. t guides the administrator to use Fortinet recommended settings. C. The VPN monitor tool provides additional statistics for tunnels defined an Psec recommended template. D. t automaticalty instal Psec tunnels to every spoke when they are added to the FortiManager ADOM. 58- Which two settings can you configure to speed up routing convergence in BGP? (Choose two.) A. Link-down-failover B. Update-source C. Holdtime-timer D. Set-route-rag. 59- Exhibit A shows the system interface, exhibit B shows the static route configuration, and exhibit C shows the firewall policies on the managed FortiGate Based on the FortiGate configuration shown in the exhibits, which issue might you encounter when creating an SD-WAN Zone for port and port2? A. portl and port2 are not administrativety down. B. port2 is referenced in a static route. C. portl is Olgned a manual IP address. D. portl is referenced in a firewall poucy. 60- Based on the output shown in the exhibit, which statement is true? A. There is one shortcut tunnel buit from master tunnel T MPLS O. B. The master tunnel cannot accept the ADVPN shortcut C. There are no Psec tunnel statistics log messages for ADVPN shortcuts. D. The VPN tunnel T MPLS O is a shortcut tunnel. 61- Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on a FortGate device acting as the sender. Exhibit B shows the sniffer output on a FortGate device acting as the receiver. The administrator configured packet duphcation on both FortGate devices. The sniffer output on the sender FortiGate shows that FortGate forwards an ICMP echo request packet over three overlays, but it onty receives one repty packet through T_INET_I. Based on the output shown in the exhibts, which two reasons can cause the observed behavior?(Choose two.) A. The ICMP echo request packets sent over and T_MPLS were dropped along the way. B. On the receiver FortiGate, is enabled. C. On the sender FortiGate, is set to 3. D. The sender FortGate has anti-replay enabled to black dupficate ICMP replies. 62- Which statement about using BGP for ADVPN is true? A. IBGP is preferred over EBGP, because IBGP preserves next hop information. B. You must configure AS path prepending. C. You must configure BGP communties. D. You must use BGP to route traffic for both overlay and underlay links. 63- Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts? A. i dl e—timeout B. link —down— failover C. auto—di scovery-shortcuts D. hold-dow-time. 64- Which statement about SD-WAN zones is true? A. You can configure up to 32 SD-WAN zones per VDOM. B. You cannot use an SD-WAN zone in static route de C. An SD-WAN zone can contain onty one type of interface. D. An SD-WAN zone can contain between O and 512. 65- Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation A. Get router info routing-table all B. Get ipsec tunnel list C. diagnose vpn tunnel list D. diagnose debug application ike. 66- Based on the exhibt which action does FortiGate take? A. FortiGate brings down port5 ater t detects all SD-WAN members as dead. B. FortiGate brings up portS ater t detects all SD-WAN members as ahve. C. FortiGate bounces port5 ater detects all SD-WAN members as dead. D. FortiGate fais over to the secondary device ater it detects all SD-WAN members as dead. 67- What are two characteristics of the internet service database (ISDB) in an SD-WAN rule? (Choose two.) A. The ISDB is dynamicalty updated and reduces administrative overhead. B. The ISDB contains the P addresses and port ranges of well-known internet services. C. The ISDB appfies rules to traffic from specific sources, based on appfication type. D. The ISDB requires application cmtrol to maintain signatures and perform load balancing. 68- What are two common use cases for remote internet access (RA)? (Choose two.) A. Provde internet access through the hub. B. Centrahze security inspection on the hub. C. Provide thorough inspection on spokes. D. Provide direct internet access on spokes. 69- Based on the exhibit, which two actions does FortiGate perform on sessions after a firewall policy change? (Choose two.) A. FortiGate terminates the old sessions. B. FortGate evaluates new sessions. C. FortiGate does not change existing sessions. D. FortiGate flushes all sessions. 70- Exhibit A shows the SD-WAN rule status and the learned BGP routes with communty 65000:10. Exhibt B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route configuration The administrator wants to steer corporate traffic using route tags in the SD- WAN rule 01. However, the administrator that the corporate traffic does not match the SD-WAN rule 01. Based on the exhibts, which configuratjon change is required to the issue? A. In the dc1-lan-rm route map configuration, set-route-tag to 10. B. In SD-WAN rule 01 , change the desthation to use ISDB entries. C. In the route rnap configuration, unset match—cormunity. D. In the BGP neighbor configuration, appty the route rnap dcl —Ian—rm in the outbound direction. |
Report abuse