Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Refer to the exhibits.

Exhibit A shows two IPsec templates to define Branch_IPsec_1 and Branch_IPsec_2. Each template defines a VPN tunnel.

Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device.

Which statement best explain the cause for this issue?

A.

You can assign only one template with a tunnel of fype static to each FortiGate device

B.

You can define only one IPsec tunnel from branch devices to HUB1.

C.

You can assign only one IPsec template to each FortiGate device.

D.

You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2.

Which two conclusions for traffic that matches the traffic shaper are true? (Choose two.)

A.

The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

B.

The measured bandwidth is less than 100 KBps.

C.

The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

D.

The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

Which two statements about SD-WAN central management are true? (Choose two.)

A.

It does not allow you to monitor the status of SD-WAN members.

B.

It is enabled or disabled on a per-ADOM basis.

C.

It is enabled by default.

D.

It uses templates to configure SD-WAN on managed devices.

What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)

A.

FEC supports hardware offloading.

B.

FEC improves reliability of noisy links.

C.

FEC transmits parity packets that can be used to reconstruct packet loss.

D.

FEC can leverage multiple IPsec tunnels for parity packets transmission.

Which diagnostic command can you use to show the SD-WAN rules, interface information, and state?

    diagnose sys sdwan service

    diagnose sys sdwan route-tag-list

    diagnose sys sdwan member

A.

diagnose sys sdwan neighbor

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.

Based on the exhibit, which statement is true?

A.

You can delete the virtual-wan-link zone because it contains no member.

B.

The corporate zone contains no member.

C.

You can move port1 from the underlay zone to the overlay zone.

D.

The overlay zone contains four members.

Refer to the exhibit.

An administrator used the SD-WAN overlay template to prepare an IPsec configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the installation preview for one FortiGate device. In the exhibit, which statement best describes the configuration applied to the FortiGate device?

A.

It is a hub device. It can send ADVPN shortcut offers.

B.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. The subnet range is 10.10.128.0/23.

C.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.

D.

It is a hub device and will automatically discover the spoke devices that are in the SD-WAN topology.

Which two protocols in the IPsec suite are most used for authentication and encryption? (Choose two.)

A.

Encapsulating Security Payload (ESP)

B.

Secure Shell (SSH)

C.

Internet Key Exchange (IKE)

D.

Security Association (SA)

Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator configured ADVPN on both hub-and-spoke groups.

Which two outcomes are expected if a user in Toronto sends traffic to London? (Choose two.)

A.

London generates an IKE information message that contains the Toronto public IP address.

B.

Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.

C.

Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

D.

The first packets from Toronto to London are routed through Hub 1 then to Hub 2.