01. In a hub-and-spoke SD-WAN topology, you choose OaaS for your overlays. What type of routing can you use on the branches?
a) Static routing on the overlay network and static routing on the underlay and between the branch-protected subnets.
b) BGP routing on the overlay network and static routing on the underlay and between the branch-protected subnets.
c) Static routing on the overlay network and BGP routing on the underlay and between the branch-protected subnets.
d) OSPF routing on the overlay network and OSPF routing on the underlay and between the branch-protected subnets.
02. Refer to the exhibits, which show the VPN configuration on a spoke and a hub.
The administrator wants to use those tunnels to build an SD-WAN topology. Which one parameter must you modify to allow the tunnel to come up and be used in the SD-WAN topology?
a) Change ike-version to 2 on the hub and the spoke.
b) Set the type to dynamic on the hub side.
c) Set mode-cfg to enable on the spoke side.
d) Set exchange-interface-ip to enable on the hub side.
03. You configured a manual SD-WAN rule to steer game and social media traffic through port2. However, when analyzing the traffic flow you notice that the volume of traffic through port2 is much smaller than expected.
What should you check on the FortiGate configuration?
a) Check whether application-group detection is allowed on the firewall policy that allows the traffic flow.
b) Check whether application control is allowed on the firewall policy that allows the traffic flow.
c) Check whether application filter is allowed in the FortiGuard settings.
d) Check on the FortiGate CLI whether the feature that allows the detection of applications per group is enabled.
04. You are configuring SD-WAN zones and members on a FortiGate device. Which two facts should you take into account?
(Choose two.)
a) The default zone is sdw-default
b) The default zone is virtual-wan-link.
c) You can add only SD-WAN members to a zone.
d) You can add any physical interface to a zone.
05. You want to configure ADVPN without route reflection on your SD-WAN topology. Which two statements apply to this scenario?
(Choose two.)
a) ADVPN without route reflection is compatible with BGP on loopback.
b) ADVPN without route reflection is also called ADVPN 2.0.
c) ADVPN without route reflection allows hub-side steering by route tag.
d) ADVPN without route reflection is compatible with static routing on the overlay.
06. Refer to the exhibits.
You have configured an SD-WAN rule and a firewall policy. You check the interface list, and the sessions established between a LAN device and a server located on another side.
Based on the exhibits, if the performances of port1 falls outside SLA, what can you expect for traffic matching the session shown?
a) You must check the underlay zone configuration to know the answer.
b) FortiGate will flag the session as dirty, and reevaluate the interface to use when the next packet arrives.
c) You must check the system global configuration to know the answer.
d) FortiGate will drop the session. The user must establish a new session that FortiGate will steer through port2.
07. Refer to the exhibit.
The administrator configured the IPsec tunnel VPN1 on a FortiGate device with the parameters shown in exhibit. What are three consequences of selecting those parameters?
(Choose three.)
a) Administrators can use such a configuration to improve the tunnel set-up rate.
b) Administrators should reserve such settings for spoke devices.
c) This configuration includes a Fortinet-proprietary setting.
d) dIPsec tunnels.
e) The remote end must have the parameter net-device set to enable.
08. What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology?
(Choose two.)
a) The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.
b) It ensures consistent settings between phase1 and phase2.
c) It guides the administrator to use Fortinet recommended settings.
d) It automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
09. Refer to the exhibit.
The administrator used the SD-WAN overlay template to prepare an IPsec tunnel configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the FortiManager installation preview for one FortiGate device.
Based on the exhibit, which statement best describes the configuration applied to the FortiGate device?
a) It is a spoke device. It can trigger the establishment of an ADVPN shortcut.
b) It is a hub device in a dual-hub topology. It can participate in the establishment of ADVPN shortcuts.
c) It is a spoke device. It can establish shortcuts only if the remote spoke initiates the request.
d) It is a hub device. It will automatically discover the spoke devices and add them to the SD-WAN topology.
10. Refer to the exhibit.
As a FortiManager administrator, you reviewed the device blueprint configuration. Based on the exhibit, which configuration deviates from best practices?
a) You should assign at least one provisioning template to the Branch-KVM blueprint.
b) You should assign a provisioning template or a device group to the Hub-1800F blueprint, but not both.
c) You should assign a device group to the Branch-40F blueprint.
d) You should assign a single provisioning template to the Branch-40F blueprint.
Before you write the Fortinet SD-WAN Architect (FCSS_SDW_AR-7.4) certification exam, you may have certain doubts in your mind regarding the pattern of the test, the types of questions asked in it, the difficulty level of the questions and time required to complete the questions. These Fortinet Certified Solution Specialist - Network Security (SD-WAN Architect) sample questions and demo exam help you in removing these doubts and prepare you to take the test.
