01. If the outgoing interface for an established SNATed session changes, which two requirements must the configuration meet so that FortiGate continues forwarding packets from that session to the new outgoing interface?
(Choose two.)
a) You must have a firewall policy that accepts the new traffic flow for the session.
b) You must configure FortiGate so the SNAT IP address doesn’t change.
c) You must enable the snat-route-change setting.
d) You must set firewall-session-dirty to check-new on the new matching firewall policy.
02. You want to configure ADVPN without route reflection on your SD-WAN topology. Which two statements apply to this scenario?
(Choose two.)
a) ADVPN without route reflection is compatible with BGP on loopback.
b) ADVPN without route reflection is also called ADVPN 2.0.
c) ADVPN without route reflection allows hub-side steering by route tag.
d) ADVPN without route reflection is compatible with static routing on the overlay.
03. When is an SD-WAN member considered to be in the dead state?
a) When both servers used for health checks are reachable by an interface member
b) When the SD-WAN member reaches the failure threshold
c) When the SD-WAN member has an active route in a routing table
d) When the SD-WAN member meets the SLA target requirement
04. What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in a hub-and-spoke topology?
(Choose two.)
a) The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.
b) It ensures consistent settings between phase1 and phase2.
c) It guides the administrator to use Fortinet recommended settings.
d) It automatically installs IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
05. An administrator configured a best quality SD-WAN rule with WAN1 and WAN2 as members. WAN1 has the highest configuration priority, and link-cost-threshold is set to 10. FortiGate reports a latency of 100 ms and 120 ms for WAN1 and WAN2, respectively.
Which change in the measured latency will make WAN2 the new preferred member?
a) When WAN2 has a latency lower than ~91 ms
b) When WAN1 has a latency lower than 100 ms
c) When WAN1 has a latency of 120 ms
d) When WAN2 has a latency of 100 ms
06. By default, what member information does FortiGate consider when selecting the best member in a lowest cost (SLA) SD-WAN rule?
a) Status of configured SLA targets, cost, and priority
b) Status of configured SLA targets, interface index number, and priority
c) Interface index number, cost, and priority
d) Status of configured SLA targets, cost, and corrected metric
07. In a hub-and-spoke SD-WAN topology, you choose OaaS for your overlays. What type of routing can you use on the branches?
a) OSPF routing on the overlay network and OSPF routing on the underlay and between the branch-protected subnets.
b) Static routing on the overlay network and BGP routing on the underlay and between the branch-protected subnets.
c) BGP routing on the overlay network and static routing on the underlay and between the branch-protected subnets.
d) Static routing on the overlay network and static routing on the underlay and between the branch-protected subnets.
08. Which two features are supported by IKEv2 and not by IKEv1?
(Choose two.)
a) Asymmetric authentication
b) IKE mode configuration
c) IKE aggressive mode
d) Network overlay ID
09. You are configuring SD-WAN zones and members on a FortiGate device. Which two facts should you take into account?
(Choose two.)
a) The default zone is sdw-default
b) The default zone is virtual-wan-link.
c) You can add any physical interface to a zone.
d) You can add only SD-WAN members to a zone.
10. In which rule strategy are cost and interface preference not considered selection factors?
a) Best Quality
b) Lowest Cost (SLA)
c) Maximize Bandwidth (SLA)
d) Manual
Before you write the Fortinet SD-WAN Architect (FCSS_SDW_AR-7.6) certification exam, you may have certain doubts in your mind regarding the pattern of the test, the types of questions asked in it, the difficulty level of the questions and time required to complete the questions. These Fortinet Certified Solution Specialist - Network Security (SD-WAN Architect) sample questions and demo exam help you in removing these doubts and prepare you to take the test.