Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Advanced Networking and SD-WAN practice sets

NSE7 Advanced Networking and SD-WAN • Complete Question Bank

NSE7 Advanced Networking and SD-WAN — All Questions With Answers

Complete NSE7 Advanced Networking and SD-WAN question bank — all 0 questions with answers and detailed explanations.

209
Questions
Free
No signup
Certifications/NSE7/Practice Test/Advanced Networking and SD-WAN/All Questions
Question 1easymultiple choice
Read the full MPLS explanation →

A network administrator is configuring SD-WAN on a FortiGate. The organization has two internet links: MPLS (primary) and broadband (backup). The administrator wants all traffic to use the MPLS link unless it fails, in which case traffic should fail over to the broadband link. Which SD-WAN configuration best achieves this requirement?

Question 2mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with SD-WAN and has two WAN members: Member1 (ISP1) with priority 10, and Member2 (ISP2) with priority 5. The SD-WAN rule for traffic from the internal network uses the 'best quality' strategy. During normal operation, traffic flows through Member1. After a link failure on Member1, traffic correctly fails over to Member2. However, when Member1 is restored, traffic does not fail back. What is the most likely cause?

Question 3hardmultiple choice
Read the full MPLS explanation →

An enterprise uses FortiGate as an SD-WAN edge device with three WAN links: Link A (MPLS), Link B (broadband), and Link C (LTE). The SD-WAN rule for VoIP traffic uses the 'best quality' strategy with link-quality-measurement enabled. The VoIP traffic is routed via Link A. During peak hours, users report poor voice quality. The administrator checks the SD-WAN performance SLA logs and sees that Link A's jitter and latency are within acceptable thresholds, but packet loss is slightly elevated. Which action would most likely improve VoIP quality without manual intervention?

Question 4mediummulti select
Study the full SD-WAN breakdown →

Which THREE statements are true about FortiGate SD-WAN health-check configuration?

Question 5hardmulti select
Study the full SD-WAN breakdown →

Which TWO statements correctly describe the behavior of SD-WAN rules when using the 'maximize-bandwidth' strategy?

Question 6hardmultiple choice
Review the full OSPF breakdown →

A FortiGate is deployed with two ISPs and SD-WAN. The organization uses OSPF to exchange routes with a remote branch. The administrator notices that the FortiGate is not installing OSPF-learned routes into the routing table. The OSPF configuration is verified to be correct, and neighbors are established. Which configuration could be causing the issue?

Question 7mediummultiple choice
Read the full MPLS explanation →

An organization is deploying SD-WAN across multiple sites with two internet links (MPLS and broadband) at the main branch. They want voice traffic to use the MPLS link unless it fails, in which case failover to broadband should occur. Which SD-WAN rule configuration achieves this?

Question 8hardmultiple choice
Study the full SD-WAN breakdown →

A network engineer is troubleshooting an SD-WAN setup where traffic from a specific subnet is not being load-balanced as expected. The SD-WAN rule uses 'source IP' hashing. The engineer notices that the traffic originates from multiple hosts in the same /24 subnet. What is the most likely cause of poor load distribution?

Question 9easymultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with two static routes to the same destination 0.0.0.0/0 with equal distance but different priorities. The priority values are 10 and 20. Which route will be used for traffic matching the default route?

Question 10hardmulti select
Open the full BGP breakdown →

Which TWO statements are true regarding BGP path selection in a FortiGate SD-WAN environment?

Question 11mediummultiple choice
Read the full MPLS explanation →

A company with a hub-and-spoke SD-WAN topology uses FortiGates at each site. The hub has two WAN links: MPLS (10 Mbps) and broadband (100 Mbps). The spokes connect only via MPLS. The company deploys a new real-time application that requires low latency and low jitter. The network administrator creates an SD-WAN rule for this application with 'best quality' strategy and both MPLS and broadband as members. The SLA for MPLS is configured with latency < 10 ms and jitter < 5 ms. The SLA for broadband is configured with latency < 50 ms and jitter < 20 ms. The actual measured latency on MPLS is 12 ms, and jitter is 4 ms. The broadband latency is 25 ms, jitter 10 ms. Which path will the application traffic take?

Question 12mediummulti select
Study the full SD-WAN breakdown →

An administrator is configuring SD-WAN on a FortiGate to route traffic between two internet connections (ISP1 and ISP2). The SD-WAN rules use performance SLA to measure latency. Which TWO statements are true about SD-WAN rule matching and failover?

Question 13easymultiple choice
Study the full SD-WAN breakdown →

A company has two internet connections: a primary fiber link (port1, 100 Mbps) and a backup DSL link (port2, 20 Mbps). They are using SD-WAN to load balance traffic based on volume, with a rule that sends 70% of traffic to port1 and 30% to port2. Recently, users report that video conferencing applications are experiencing high latency and jitter. The network team finds that the SD-WAN performance SLA for the fiber link shows 80% packet loss and high latency. The SD-WAN rule action is set to 'best quality' with a latency threshold of 150 ms. The current latency on port1 is 200 ms, and on port2 is 40 ms. What should the administrator do to ensure that video conferencing traffic uses the DSL link while the fiber link is degraded?

Question 14mediumdrag order
Read the full VPN explanation →

Drag and drop the steps to troubleshoot a FortiGate SSL VPN connection failure into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 15mediumdrag order
Study the full SD-WAN breakdown →

Drag and drop the steps to configure a FortiGate to use an external authentication server (e.g., RADIUS) for admin login into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 16mediummatching
Read the full VPN explanation →

Match each IPsec VPN term to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Internet Key Exchange version 1

Internet Key Exchange version 2

Encapsulating Security Payload

Authentication Header

Perfect Forward Secrecy

Question 17mediummatching
Study the full SD-WAN breakdown →

Match each FortiGate interface type to its usage.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Hardware network port

Virtual LAN subinterface

Virtual interface for management or routing

Combines multiple physical links for redundancy

Link aggregation (LAG) for increased bandwidth

Question 18mediummultiple choice
Study the full SD-WAN breakdown →

A network engineer is configuring SD-WAN on a FortiGate. They have three WAN interfaces (wan1, wan2, lte) and want traffic to the primary datacenter (10.10.10.0/24) to use wan1 unless its latency exceeds 50 ms, in which case failover to wan2. The engineer created an SD-WAN rule with a strategy of 'Manual' and selected 'wan1' as the preferred member. What additional configuration is required to achieve automatic failover based on latency?

Question 19hardmultiple choice
Review the full OSPF breakdown →

A FortiGate is running OSPF with multiple areas. The admin wants to redistribute a static route for 192.168.100.0/24 into OSPF. After configuring 'config router ospf' with 'redistribute static' enabled, the route appears in the OSPF database but is not being advertised to other areas. What is the most likely cause?

Question 20easymultiple choice
Study the full SD-WAN breakdown →

An administrator wants to load balance traffic across two ISP links using SD-WAN. The requirement is that sessions from the same source IP address must always use the same ISP link. Which SD-WAN load balancing algorithm should be used?

Question 21hardmultiple choice
Study the full SD-WAN breakdown →

You are troubleshooting BFD on a FortiGate SD-WAN deployment. BFD is configured on two WAN interfaces (wan1, wan2) with a minimum transmit interval of 100 ms and a multiplier of 3. The network experiences occasional jitter causing packet loss. After a brief outage, the BFD session does not recover. Which setting should be adjusted to improve BFD resilience without significantly increasing failover time?

Question 22mediummultiple choice
Read the full MPLS explanation →

A FortiGate with SD-WAN enabled uses two members: MPLS (10 ms latency) and Internet (40 ms latency). The SD-WAN rule uses 'Best Quality' strategy with latency as the metric. Traffic to a critical application (10.1.1.0/24) is currently using the MPLS link. The MPLS link's latency increases to 60 ms due to a routing issue. How will FortiGate handle new sessions to 10.1.1.0/24?

Question 23easymultiple choice
Study the full SD-WAN breakdown →

Which feature allows a FortiGate to participate in multiple routing tables simultaneously, enabling network segmentation and overlapping IP address spaces?

Question 24mediummultiple choice
Study the full SD-WAN breakdown →

An administrator needs to ensure that traffic from the internal network (10.0.0.0/8) destined to the Internet is routed through a specific next-hop (192.168.1.1) only if a more specific route for the destination does not exist. Which routing feature should be used?

Question 25mediummultiple choice
Study the full SD-WAN breakdown →

During an SD-WAN health check, an administrator observes that a performance SLA for wan1 shows 'Status: dead' even though the interface is up and can ping the SLA server. The SLA configuration uses a TCP echo probe to 8.8.8.8 port 443. What is the most likely cause?

Question 26hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with two SD-WAN members (wan1, wan2) and a performance SLA for each. The SD-WAN rule uses 'Maximize Bandwidth' strategy with volume-based load balancing. The administrator notices that traffic is only using wan1, even though both links have capacity. The SLA status for wan2 shows 'alive'. What could be the problem?

Question 27mediummultiple choice
Study the full SD-WAN breakdown →

An administrator wants to segment traffic between two departments (Engineering and Finance) using the same FortiGate. Each department must have its own routing table with overlapping IP addresses. Which feature should be enabled to achieve this without creating separate VDOMs?

Question 28easymultiple choice
Review the full OSPF breakdown →

Which FortiGate feature is used to detect link failures within milliseconds, allowing rapid convergence for routing protocols like OSPF and BGP?

Question 29hardmultiple choice
Study the full SD-WAN breakdown →

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 30mediummulti select
Read the full MPLS explanation →

A network administrator is configuring SD-WAN on a FortiGate with three WAN links: MPLS (10 Mbps), Broadband (50 Mbps), and LTE (20 Mbps). They want to load balance traffic based on link bandwidth, with the option to manually steer critical traffic to the MPLS link. Which TWO steps must be taken to achieve this?

Question 31hardmulti select
Read the full MPLS explanation →

An administrator is troubleshooting an SD-WAN deployment where traffic from the branch to the datacenter is being sent over the backup LTE link even though the primary MPLS link has low latency and jitter. The SD-WAN rule uses 'Best Quality' strategy with latency and jitter metrics. The performance SLA for MPLS shows 'alive'. Which TWO configurations could cause this behavior?

Question 32mediummulti select
Study the full SD-WAN breakdown →

A FortiGate is integrated with FortiSwitch and FortiAP. The administrator wants to manage both devices from the FortiGate GUI using the LAN edge management features. Which THREE conditions must be met for this integration to work?

Question 33mediummultiple choice
Study the full SD-WAN breakdown →

An administrator configures an SD-WAN rule to steer traffic from a specific subnet to an SD-WAN member with the lowest cost. Which load balancing algorithm should be selected in the SD-WAN rule to achieve this behavior?

Question 34hardmultiple choice
Open the full BGP breakdown →

You run 'diagnose sys session filter dport 179' on a FortiGate and see many sessions with proto=6 and proto_state=01. What does this indicate about the BGP sessions?

Question 35mediummultiple choice
Review the full OSPF breakdown →

A network admin configures OSPF on a FortiGate with multiple areas. To ensure that routes from one area are advertised into another area, which OSPF feature must be properly configured?

Question 36easymultiple choice
Study the full SD-WAN breakdown →

Which FortiGate feature allows multiple independent routing tables on a single device, enabling traffic separation for different departments or customers?

Question 37mediummultiple choice
Review the full OSPF breakdown →

An administrator configures BFD on a FortiGate to improve convergence time for OSPF. What is the primary purpose of BFD in this context?

Question 38easymultiple choice
Study the full SD-WAN breakdown →

Which SD-WAN load balancing algorithm distributes traffic based on the number of active sessions per SD-WAN member?

Question 39hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with an SD-WAN rule using 'spillover' algorithm. The primary member has a spillover threshold of 100 Mbps. Traffic of 80 Mbps is currently flowing through the primary member. A new session requiring 30 Mbps arrives. What will happen?

Question 40mediummultiple choice
Study the full SD-WAN breakdown →

An administrator wants to ensure that traffic from a specific source IP uses a particular SD-WAN member regardless of performance SLA results. Which SD-WAN configuration element should be used?

Question 41hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate has two WAN interfaces (port1, port2) as SD-WAN members. The performance SLA monitor is configured for both with a latency threshold of 50 ms. The measured latency on port1 is 45 ms and on port2 is 55 ms. An SD-WAN rule uses 'lowest-cost' algorithm. Which interface will be selected for new sessions?

Question 42mediummultiple choice
Study the full SD-WAN breakdown →

Which command is used on a FortiGate to view the current state of BFD sessions?

Question 43easymultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with ECMP load balancing. What is the default behavior when multiple routes have equal cost?

Question 44mediummultiple choice
Study the full SD-WAN breakdown →

An administrator needs to apply different routing policies for traffic based on source IP address, overriding the normal routing table. Which feature should be configured?

Question 45mediummulti select
Study the full SD-WAN breakdown →

An administrator wants to integrate a FortiExtender into an existing SD-WAN deployment. Which TWO steps are required for proper integration?

Question 46hardmulti select
Review the full OSPF breakdown →

A FortiGate is configured with OSPF multi-area. The administrator needs to ensure that routes from area 2 are advertised into area 0. Which TWO configurations are necessary?

Question 47mediummulti select
Study the full SD-WAN breakdown →

An administrator needs to configure VRF to separate traffic for two departments. Which THREE components must be configured for each VRF?

Question 48easymultiple choice
Study the full SD-WAN breakdown →

A network administrator wants to configure SD-WAN on a FortiGate with two internet connections (port1 and port2). The requirement is to use the link with the lowest cost as the primary path for all traffic, unless it exceeds a threshold. Which SD-WAN load balancing algorithm should the administrator choose?

Question 49mediummultiple choice
Open the full BGP breakdown →

A FortiGate is configured with SD-WAN using BGP. The administrator wants to influence outbound traffic to prefer one SD-WAN member over another based on BGP attributes. Which BGP attribute, when modified on the FortiGate, can achieve this for outbound traffic?

Question 50hardmultiple choice
Review the full OSPF breakdown →

A FortiGate is running OSPF in a multi-area network. The administrator notices that routes from area 1 are not being redistributed into area 0. The configuration includes 'redistribute connected' under OSPF. What is the most likely cause?

Question 51easymultiple choice
Study the full SD-WAN breakdown →

Which of the following is the primary purpose of BFD (Bidirectional Forwarding Detection) on a FortiGate?

Question 52mediummultiple choice
Study the full SD-WAN breakdown →

An administrator is troubleshooting SD-WAN and runs the following CLI command: 'execute sdwan-health-check status' The output shows that one SD-WAN member has a status of 'dead'. What does this indicate?

Question 53mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate has two WAN interfaces configured as SD-WAN members. The administrator wants traffic to specific destination IP addresses to use a particular member. Which SD-WAN configuration object should be used to achieve this?

Question 54hardmultiple choice
Review the full OSPF breakdown →

An administrator configures OSPF on a FortiGate with multiple areas. After configuration, the FortiGate does not become an ABR. What is the most likely reason?

Question 55easymultiple choice
Study the full SD-WAN breakdown →

What is the function of a VRF (Virtual Routing and Forwarding) on a FortiGate?

Question 56mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with SD-WAN and uses performance SLA to monitor link quality. The administrator sets the SLA threshold to jitter < 30ms. If a link has average jitter of 35ms, what is the status of that link in the SD-WAN health check?

Question 57mediummultiple choice
Study the full SD-WAN breakdown →

An administrator wants to integrate a FortiExtender with a FortiGate to provide cellular WAN connectivity. Which configuration step is required on the FortiGate to use the FortiExtender as an SD-WAN member?

Question 58hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate has ECMP configured with two equal-cost routes to a destination. The administrator wants to ensure that all packets from a given source IP use the same next-hop. Which ECMP load balancing method should be configured?

Question 59mediummultiple choice
Review the full OSPF breakdown →

An administrator configures a route map on a FortiGate to redistribute connected routes into OSPF. The route map sets a metric of 100. After applying, the redistributed routes appear with metric 20. What is the most likely reason?

Question 60mediummulti select
Study the full SD-WAN breakdown →

A network administrator is configuring SD-WAN on a FortiGate and wants to ensure that VoIP traffic uses the link with the lowest latency while bulk download traffic uses the link with the highest bandwidth. Which TWO configuration steps are required?

Question 61hardmulti select
Review the full OSPF breakdown →

A FortiGate is configured with OSPF and multiple areas. The administrator wants to prevent type 3 LSAs from entering a specific area, while still allowing inter-area routing. Which TWO configurations can achieve this?

Question 62mediummulti select
Study the full SD-WAN breakdown →

An administrator needs to integrate a FortiSwitch with a FortiGate for LAN edge management. The FortiSwitch will be used to provide access ports for end users. Which THREE configuration steps are required on the FortiGate?

Question 63easymultiple choice
Study the full SD-WAN breakdown →

A network administrator needs to configure SD-WAN on a FortiGate to distribute traffic across two WAN links based on session count. Which load balancing algorithm should be selected in the SD-WAN rule?

Question 64mediummultiple choice
Study the full SD-WAN breakdown →

An administrator configures a performance SLA for SD-WAN health checks. The SLA uses a ping probe to 8.8.8.8 every 2 seconds with a latency threshold of 150 ms and jitter threshold of 20 ms. After some time, the SD-WAN rule still shows the member as 'dead'. Which command should the administrator use to verify the probe results?

Question 65hardmultiple choice
Review the full OSPF breakdown →

A FortiGate is configured with OSPF in multiple areas and redistributes connected routes into OSPF. The administrator notices that routes from area 1 are not appearing in area 0. The area 0 routers show the routes as 'O E2' but with an invalid metric. What is the most likely cause?

Question 66mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate administrator sees the following output:

"diagnose sys session filter dport 443 diagnose sys session list session info: proto=6 proto_state=01 duration=3600 expire=3599"

What does this session duration and expire time indicate?

Question 67mediummultiple choice
Study the full SD-WAN breakdown →

An administrator wants to ensure that all traffic from a specific LAN subnet (192.168.10.0/24) to the internet uses a particular WAN interface (wan1) in an SD-WAN setup, while other traffic uses wan2. What is the correct configuration to achieve this?

Question 68easymultiple choice
Study the full SD-WAN breakdown →

What is the purpose of BFD (Bidirectional Forwarding Detection) in a FortiGate routing configuration?

Question 69hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate with two WAN interfaces configured in an SD-WAN setup uses the 'lowest-cost' load balancing algorithm. The performance SLA monitors latency and jitter. If wan1 has a cost of 10 and wan2 has a cost of 20, but wan1 is experiencing 50% packet loss, what will happen to traffic?

Question 70mediummultiple choice
Study the full SD-WAN breakdown →

Which command is used on a FortiGate to view the current routing table including VRF instances?

Question 71easymultiple choice
Study the full SD-WAN breakdown →

An administrator wants to integrate a FortiExtender with a FortiGate to provide WAN connectivity. Which interface type is used on the FortiGate to connect to the FortiExtender?

Question 72mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate has multiple equal-cost routes to the same destination via two different interfaces. ECMP load balancing is enabled. What determines how traffic is distributed among the routes?

Question 73hardmultiple choice
Open the full BGP breakdown →

An administrator configures a route map named RMAP_EXPORT that sets a community for routes redistributed into BGP. The route map is applied to the 'redistribute connected' statement under BGP. However, the connected routes are not being advertised to BGP peers. What is the most likely cause?

Question 74mediummultiple choice
Study the full SD-WAN breakdown →

Which feature allows a FortiGate to use multiple VRFs to separate routing tables for different customers or departments on the same physical device?

Question 75mediummulti select
Study the full SD-WAN breakdown →

A network administrator is troubleshooting an SD-WAN setup where traffic from a specific application is not being load-balanced as expected. The SD-WAN rule uses the 'volume' load balancing algorithm. Which TWO factors could cause traffic to not be distributed equally? (Choose two.)

Question 76hardmulti select
Review the full OSPF breakdown →

A FortiGate is configured with OSPF multi-area. The administrator wants to redistribute a static route into OSPF area 0 and ensure it is propagated to all areas. Which THREE steps are required? (Choose three.)

Question 77easymulti select
Open the full BGP breakdown →

An administrator is configuring BGP with SD-WAN on a FortiGate. Which TWO statements are true about BGP and SD-WAN integration? (Choose two.)

Question 78mediummultiple choice
Study the full SD-WAN breakdown →

A network administrator configures SD-WAN on a FortiGate with two WAN members (port1, port2). They set up a performance SLA to measure latency to 8.8.8.8. The SLA shows both members are 'alive'. However, traffic matching an SD-WAN rule with 'best quality' strategy is not using the lowest-latency link. What is the MOST likely cause?

Question 79hardmultiple choice
Open the full BGP breakdown →

An administrator runs 'get router info bgp summary' and sees that the BGP session to a neighbor is in the 'Idle' state. The neighbor IP is reachable via ping. The BGP configuration uses loopback interfaces with 'update-source loopback1'. What is the MOST likely reason for the Idle state?

Question 80easymultiple choice
Review the full OSPF breakdown →

A FortiGate is configured with OSPF multi-area. The administrator wants to ensure that routes from area 0 are redistributed into area 1. Which OSPF configuration is required?

Question 81mediummultiple choice
Review the full OSPF breakdown →

An administrator wants to use BFD to detect failures in an OSPF neighbor relationship faster than OSPF hello timers. They configure 'config router ospf' and 'set bfd enable'. However, BFD sessions are not coming up. What is a possible reason?

Question 82hardmultiple choice
Review the full OSPF breakdown →

You have configured a route map named 'RM-BGP' to filter routes redistributed from OSPF into BGP. The route map uses 'set community 65000:100' and 'set metric 50'. After applying the route map under 'config router bgp' with 'redistribute ospf route-map RM-BGP', you see that routes are being redistributed but without the community and metric. What is wrong?

Question 83mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate has two equal-cost paths to a destination network through two different ISPs. The administrator wants to load balance traffic across both links using ECMP, but notices that all traffic uses only one link. What should the administrator check first?

Question 84easymultiple choice
Study the full SD-WAN breakdown →

What is the purpose of using a prefix list in route redistribution?

Question 85mediummultiple choice
Study the full SD-WAN breakdown →

An administrator connects a FortiExtender to the FortiGate's USB port. The FortiGate detects the FortiExtender and creates a virtual interface 'wwan1'. However, the link status shows 'down'. The SIM card is inserted and the cellular plan is active. What should the administrator check?

Question 86hardmultiple choice
Read the full DNS explanation →

You have configured VRF on a FortiGate with two VRFs: VRF 1 for guest traffic and VRF 2 for corporate traffic. You want to allow limited communication from guests to a corporate DNS server. What is the correct configuration step?

Question 87easymultiple choice
Study the full SD-WAN breakdown →

Which SD-WAN load balancing algorithm distributes traffic based on the number of active sessions per interface?

Question 88mediummultiple choice
Study the full SD-WAN breakdown →

An administrator configures a performance SLA to monitor a remote server. The SLA status shows 'dead' for one WAN member. The administrator checks the interface and sees that it is up and passing other traffic. What is the most likely cause?

Question 89mediummultiple choice
Study the full SD-WAN breakdown →

You want to use policy-based routing (PBR) to send traffic from a specific subnet to a different next-hop than the default route. Which configuration is required?

Question 90mediummulti select
Study the full SD-WAN breakdown →

A network administrator is configuring SD-WAN rules and wants to ensure that voice traffic is sent over the link with the lowest jitter. Which TWO configurations should the administrator apply? (Choose two.)

Question 91hardmulti select
Study the full SD-WAN breakdown →

A FortiGate is experiencing asymmetric routing due to route leaking between VRFs. The administrator wants to ensure that traffic using a specific VRF returns via the same path. Which THREE actions should be taken? (Choose three.)

Question 92easymulti select
Study the full SD-WAN breakdown →

An administrator wants to integrate a FortiSwitch with a FortiGate for LAN edge management. Which TWO steps are required for initial setup? (Choose two.)

Question 93mediummultiple choice
Study the full SD-WAN breakdown →

A network administrator configures an SD-WAN zone with two members (port1 and port2) and sets the load balancing algorithm to 'spillover'. The spillover threshold is set to 100 Mbps on port1. If traffic reaches 120 Mbps on port1, what happens to new sessions?

Question 94easymultiple choice
Read the full MPLS explanation →

An administrator wants to ensure that voice traffic (UDP 16384-32768) always uses the MPLS link, while internet-bound traffic uses broadband. Which SD-WAN feature should be configured to achieve this?

Question 95hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with two WAN members in an SD-WAN zone. The performance SLA monitors latency to a probe server. The rule uses 'best quality' strategy. After some time, one member fails the SLA. Which action does the FortiGate take for existing sessions that were using that member?

Question 96mediummultiple choice
Study the full SD-WAN breakdown →

An administrator runs 'diagnose sys session filter dport 443' and sees the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 97mediummultiple choice
Review the full OSPF breakdown →

A multi-area OSPF network includes a FortiGate as an ABR. The administrator needs to redistribute a static route into OSPF. Which command is required on the FortiGate to achieve this?

Question 98easymultiple choice
Study the full SD-WAN breakdown →

Which load balancing algorithm in SD-WAN distributes new sessions based on the source and destination IP addresses, ensuring that all sessions from a given source-destination pair go to the same member?

Question 99hardmultiple choice
Open the full BGP breakdown →

An administrator configures BFD on a BGP session between two FortiGates. After enabling BFD, the BGP session flaps intermittently. What is the most likely cause?

Question 100mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with multiple VRF instances. The administrator needs to ensure that traffic from VRF 10 can reach a server in VRF 20. Which configuration is required?

Question 101mediummultiple choice
Study the full SD-WAN breakdown →

An administrator wants to use FortiExtender to provide LTE WAN connectivity. After connecting the FortiExtender to the FortiGate, the LTE interface is not showing up. What is the first troubleshooting step?

Question 102easymultiple choice
Study the full SD-WAN breakdown →

Which BFD mode is used to detect forwarding path failures between two FortiGates that are directly connected?

Question 103hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate has two equal-cost paths to a destination network. ECMP is enabled. The administrator notices that all traffic uses the first path. What is the most likely cause?

Question 104mediummultiple choice
Review the full OSPF breakdown →

An administrator configures a route map to control redistribution of connected routes into OSPF. The route map uses a prefix list to match routes. After applying the redistribution, no routes are redistributed. What is the most likely oversight?

Question 105mediummulti select
Read the full MPLS explanation →

An administrator is configuring SD-WAN with two members: MPLS and Broadband. The requirement is that voice traffic (UDP ports 16384-32768) should use MPLS primarily, and if MPLS fails SLA, then use Broadband. Which two configurations are needed? (Choose TWO.)

Question 106mediummulti select
Review the full OSPF breakdown →

A FortiGate is acting as an ABR between OSPF area 0 and area 1. The administrator needs to redistribute a static route into OSPF so that it appears as an inter-area route (Type 3 LSA). Which three steps are required? (Choose THREE.)

Question 107hardmulti select
Study the full SD-WAN breakdown →

An administrator deploys a FortiGate in a remote office with a FortiSwitch and FortiAP. The LAN edge management features are used to manage these devices. The FortiGate is configured as a controller. Which three steps are required to manage the FortiAP via the FortiGate? (Choose THREE.)

Question 108mediummultiple choice
Study the full SD-WAN breakdown →

A network administrator is configuring SD-WAN on a FortiGate with two WAN links (port1 and port2). They want traffic to destination 10.0.0.0/8 to use port1 as long as its latency is below 50ms and jitter below 10ms; otherwise, fail over to port2. Which SD-WAN configuration components are required?

Question 109easymultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with SD-WAN using load balancing algorithm 'source-dest-ip'. What is the primary characteristic of this algorithm?

Question 110hardmultiple choice
Review the full OSPF breakdown →

A FortiGate is running OSPF with multiple areas. The administrator notices that routes from area 1 are not being redistributed into area 0. The ABR has the following configuration: 'config router ospf config area edit 0.0.0.0 set type nssa end config area edit 0.0.0.1 set type standard end end'. What is the issue?

Question 111mediummultiple choice
Open the full BGP breakdown →

An administrator is troubleshooting BGP with SD-WAN. They have configured BGP on the FortiGate and the SD-WAN rule uses 'best quality' strategy. However, failover does not happen when a WAN link goes down. The BGP session is still up. What is the most likely reason?

Question 112easymultiple choice
Study the full SD-WAN breakdown →

What is the purpose of configuring BFD (Bidirectional Forwarding Detection) on a FortiGate?

Question 113mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate has multiple VRFs configured. An administrator wants to allow traffic from VRF 1 to reach a server in VRF 2. What configuration is required?

Question 114mediummultiple choice
Study the full SD-WAN breakdown →

An administrator runs 'diagnose sys session filter dport 443' and sees: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate about the session?

Question 115hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with policy-based routing (PBR) to route certain traffic through a specific next hop. However, some traffic that should match the PBR rule is not being affected. What is a likely reason?

Question 116easymultiple choice
Study the full SD-WAN breakdown →

What is the function of a route map in FortiGate routing?

Question 117mediummultiple choice
Study the full SD-WAN breakdown →

An administrator wants to integrate a FortiExtender with a FortiGate for LTE backup. The FortiGate is using SD-WAN. What is the correct way to add the FortiExtender as an SD-WAN member?

Question 118hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with ECMP load balancing for multiple equal-cost routes. The administrator wants to ensure that all packets belonging to the same session go out the same interface. Which ECMP load balancing method should be used?

Question 119easymultiple choice
Study the full SD-WAN breakdown →

What is the purpose of a prefix list in FortiGate routing?

Question 120mediummulti select
Study the full SD-WAN breakdown →

A network administrator is configuring SD-WAN rules with load balancing. They want to distribute HTTP traffic evenly across two WAN links based on the number of sessions. Which TWO settings should they use? (Choose two.)

Question 121hardmulti select
Review the full OSPF breakdown →

A FortiGate is in a multi-area OSPF environment. The administrator needs to redistribute connected routes from area 1 into OSPF. Which THREE steps are required? (Choose three.)

Question 122mediummulti select
Study the full SD-WAN breakdown →

An administrator wants to deploy FortiSwitch and FortiAP using LAN edge management from a FortiGate. Which TWO conditions must be met? (Choose two.)

Question 123mediummultiple choice
Study the full SD-WAN breakdown →

A network admin is configuring SD-WAN on a FortiGate with two WAN members (port1, port2). The requirement is that traffic for Office 365 (source IP 10.1.1.0/24, destination IP 132.245.0.0/16) should use port1 primarily unless it fails the performance SLA, in which case it should use port2. Which SD-WAN rule configuration should the admin use?

Question 124hardmultiple choice
Review the full OSPF breakdown →

A FortiGate is running OSPF with multiple areas. The admin wants to redistribute a static route (192.168.100.0/24) into OSPF area 0. The route is configured as a static route on the FortiGate. Which configuration step is essential to ensure the static route is redistributed into OSPF?

Question 125easymultiple choice
Study the full SD-WAN breakdown →

A FortiGate administrator wants to enable load balancing for equal-cost paths to the same destination. The FortiGate has two equal-cost routes via two different next-hop routers. Which feature should the admin enable to load balance traffic across both paths?

Question 126mediummultiple choice
Study the full SD-WAN breakdown →

An administrator configures an SD-WAN rule with the 'volume' load balancing algorithm. The two WAN members have bandwidth capacities: port1 = 100 Mbps, port2 = 50 Mbps. Traffic is HTTP and HTTPS from internal users to the internet. How will the traffic be distributed?

Question 127hardmultiple choice
Study the full SD-WAN breakdown →

You run the following command on a FortiGate:

diagnose sys session filter dport 443 diagnose sys session list

Output: proto=6 proto_state=01 duration=3600 expire=3599

What does the 'proto_state=01' indicate?

Question 128mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with two VRF instances (VRF1 and VRF2). The admin needs to allow traffic from VRF1 to reach a server in VRF2. The server is directly connected to the FortiGate on an interface in VRF2. What configuration is required?

Question 129mediummultiple choice
Open the full BGP breakdown →

An administrator notices that when a BGP session goes down, failover to the backup path takes about 30 seconds. The admin wants to reduce the failover time to less than 1 second. Which technology should the administrator implement?

Question 130easymultiple choice
Study the full SD-WAN breakdown →

Which routing technique allows a FortiGate to forward packets based on source IP address, destination IP address, or other criteria, in addition to the destination IP alone?

Question 131mediummultiple choice
Study the full SD-WAN breakdown →

An administrator is configuring a FortiGate as a LAN edge device with FortiSwitch and FortiAP. Which feature must be enabled on the FortiGate to centrally manage the FortiSwitch and FortiAP devices?

Question 132hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate has an SD-WAN configuration with two members (wan1, wan2). The performance SLA monitors latency to 8.8.8.8. The admin notices that even when the SLA is satisfied on both members, all traffic uses wan1. The SD-WAN rule is configured with 'strategy = best quality'. What is the most likely cause?

Question 133easymultiple choice
Study the full SD-WAN breakdown →

What is the purpose of a route map when used with route redistribution on a FortiGate?

Question 134mediummultiple choice
Study the full SD-WAN breakdown →

An administrator wants to integrate a FortiExtender with a FortiGate to provide additional WAN connectivity. Which configuration is required on the FortiGate to enable the FortiExtender to operate as a secondary WAN interface?

Question 135mediummulti select
Review the full OSPF breakdown →

A network engineer is troubleshooting an OSPF multi-area setup on a FortiGate. The FortiGate is an ABR (Area Border Router) connecting area 0 and area 1. The engineer notices that routes from area 1 are not being advertised into area 0. Which TWO of the following are possible causes? (Select TWO.)

Question 136hardmulti select
Open the full BGP breakdown →

An administrator is configuring BGP on a FortiGate to peer with an ISP router. The FortiGate is advertising a prefix (203.0.113.0/24) to the ISP. To ensure that traffic to the prefix is load balanced across two WAN links (port1 and port2) using SD-WAN, the administrator must configure which THREE of the following? (Select THREE.)

Question 137mediummulti select
Open the full VLAN trunking answer →

A FortiGate is deployed as a LAN edge switch with multiple FortiSwitch units connected. The administrator wants to configure VLANs and manage the switches centrally. Which TWO features must be enabled on the FortiGate to achieve this? (Select TWO.)

Question 138mediummultiple choice
Study the full SD-WAN breakdown →

An administrator configured an SD-WAN rule to steer traffic to a specific member interface using the 'lowest-cost' strategy. After applying, the traffic is not being load-balanced as expected. Which configuration element is MOST likely missing?

Question 139mediummultiple choice
Review the full OSPF breakdown →

A FortiGate has OSPF configured in multiple areas. The administrator wants to redistribute routes from area 0 into area 1 with a metric of 10. Which command is correct?

Question 140easymultiple choice
Study the full SD-WAN breakdown →

Which load balancing algorithm in SD-WAN sends new sessions to the member interface with the least number of active sessions?

Question 141mediummultiple choice
Study the full SD-WAN breakdown →

An administrator configures two SD-WAN members (port1, port2) with performance SLAs. The SD-WAN rule uses 'best-quality' strategy. During a failover test, the primary member port1 becomes unavailable but traffic does not switch to port2. What should the administrator check first?

Question 142hardmultiple choice
Study the full SD-WAN breakdown →

You run 'diagnose sys session filter dport 443' and see the following output: proto=6 proto_state=01 duration=3600 expire=3599 What does this indicate?

Question 143mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with VRF. Which statement about VRF is true?

Question 144hardmultiple choice
Study the full SD-WAN breakdown →

An administrator wants to load-balance traffic across two WAN links using ECMP. The routes have equal distances and metrics. However, traffic is only using one of the links. What could be the cause?

Question 145mediummultiple choice
Open the full BGP breakdown →

Which BGP attribute is used by FortiGate SD-WAN to influence outbound traffic path selection?

Question 146easymultiple choice
Study the full SD-WAN breakdown →

What is the purpose of BFD on a FortiGate?

Question 147hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate with FortiExtender is using LTE as a backup WAN link. When the primary link fails, the LTE link does not take over. What could be the cause?

Question 148mediummultiple choice
Review the full OSPF breakdown →

An administrator configures a route-map to match prefix-list 'PREFIX' and set metric 20. Which OSPF route redistribution uses this route-map correctly?

Question 149easymultiple choice
Study the full SD-WAN breakdown →

Which SD-WAN load balancing algorithm is best for ensuring that all traffic from a specific source-destination pair uses the same WAN link?

Question 150mediummulti select
Study the full SD-WAN breakdown →

An administrator needs to configure a FortiGate to use two WAN links for internet traffic with failover and load balancing. Which TWO steps are required?

Question 151hardmulti select
Review the full OSPF breakdown →

A FortiGate in a multi-area OSPF network is not learning routes from area 1. Which THREE items could be causing this?

Question 152mediummulti select
Study the full SD-WAN breakdown →

An administrator wants to use policy-based routing to forward traffic from subnet 192.168.1.0/24 to a specific next-hop via port2. Which TWO configuration elements are needed?

Question 153mediummultiple choice
Study the full SD-WAN breakdown →

A network administrator is configuring SD-WAN on a FortiGate. They have multiple WAN links and want to ensure that traffic for a critical application uses the link with the lowest latency. Which SD-WAN configuration component should be used to achieve this?

Question 154mediummultiple choice
Review the full OSPF breakdown →

A FortiGate is running OSPF with multiple areas. The administrator needs to redistribute a static route into OSPF. Which command will correctly configure redistribution of static routes into OSPF process 10?

Question 155hardmultiple choice
Open the full BGP breakdown →

An administrator has configured BGP on a FortiGate with two upstream ISPs. They notice that traffic to a specific prefix is not load-balanced as expected; all traffic goes through ISP1 even though both paths are available. 'get router info bgp network' shows the prefix with two next hops. What is the MOST likely cause?

Question 156easymultiple choice
Open the full BGP breakdown →

A FortiGate administrator needs to configure BFD (Bidirectional Forwarding Detection) on a BGP peer to quickly detect link failures. Which CLI command enables BFD on the BGP neighbor 10.1.1.1?

Question 157hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate has multiple VRFs. The administrator wants to leak a route from VRF1 to VRF2. Which configuration is required?

Question 158mediummultiple choice
Study the full SD-WAN breakdown →

An administrator sees the following output from 'get router info routing-table':

S       0.0.0.0/0 [10/0] via 192.168.1.1, port1
S       0.0.0.0/0 [10/0] via 192.168.2.1, port2

They have configured ECMP load balancing. However, traffic to a specific destination IP is always using port1. What is the likely reason?

Question 159easymultiple choice
Study the full SD-WAN breakdown →

Which SD-WAN load balancing algorithm distributes new sessions based on the number of active sessions on each link?

Question 160mediummultiple choice
Read the full DNS explanation →

A FortiGate with SD-WAN configured has a Performance SLA monitoring Google DNS (8.8.8.8). The SLA is configured with latency threshold 100 ms and jitter threshold 20 ms. The link is currently meeting both thresholds. The administrator wants to ensure that if the SLA fails, traffic moves to another link. Which SD-WAN rule strategy should be used?

Question 161hardmultiple choice
Read the full MPLS explanation →

An administrator configures policy-based routing (PBR) on a FortiGate to route traffic from a specific subnet through an MPLS link. The PBR is configured under config router policy. However, traffic from that subnet is still using the default route. What is the most likely issue?

Question 162mediummultiple choice
Review the full OSPF breakdown →

A FortiGate is configured with a route map named RM_OSPF that sets a metric of 100 for redistributed routes. The route map is applied to redistribution into OSPF. After applying, the redistributed routes have a metric of 20. What could be the cause?

Question 163easymultiple choice
Study the full SD-WAN breakdown →

Which FortiGate feature allows the creation of multiple virtual routing tables within a single VDOM?

Question 164mediummultiple choice
Open the full VLAN trunking answer →

A FortiGate administrator is integrating a FortiSwitch managed by the FortiGate. They want to configure a VLAN interface on the FortiSwitch for user traffic. Which configuration is required on the FortiGate?

Question 165mediummulti select
Study the full SD-WAN breakdown →

An administrator is troubleshooting an SD-WAN rule that is not matching expected traffic. The SD-WAN rule uses a custom application category and has a performance SLA attached. Which two conditions must be true for the traffic to be matched by the SD-WAN rule? (Select TWO.)

Question 166hardmulti select
Review the full OSPF breakdown →

A FortiGate is configured with BGP and OSPF. The administrator wants to ensure that routes learned via BGP are redistributed into OSPF, but only specific prefixes. Which three components are needed? (Select THREE.)

Question 167mediummulti select
Study the full SD-WAN breakdown →

A network admin needs to configure a FortiGate to load balance traffic across two ISP links using SD-WAN. The requirement is to use both links simultaneously for different sessions based on source-destination IP hash. Which two settings are required? (Select TWO.)

Question 168mediummultiple choice
Study the full SD-WAN breakdown →

An administrator configures SD-WAN with two members (port1 and port2). A performance SLA monitors latency to 8.8.8.8. The SD-WAN rule uses 'Best Quality' strategy based on latency. When the link on port1 becomes slow, the FortiGate continues using port1 even though port2 has lower latency. What is the most likely cause?

Question 169easymultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with two ISPs in an SD-WAN. The administrator wants to use the link with the highest bandwidth for bulk downloads, but if that link fails, all traffic should automatically use the backup link. Which load balancing algorithm should be used?

Question 170hardmultiple choice
Open the full BGP breakdown →

An administrator runs 'get router info routing-table bgp' and sees that a route for 10.20.0.0/16 is learned via BGP from a neighbor. However, the route does not appear in the routing table. The administrator checks the BGP configuration and sees that 'network 10.20.0.0 255.255.0.0' is not configured under BGP. What is the most likely reason?

Question 171mediummultiple choice
Review the full OSPF breakdown →

An administrator has configured OSPF on a FortiGate with multiple areas. They want to ensure that routes from area 0 are redistributed into area 1, but they notice that routes from area 1 are not appearing in area 0. What is the most likely configuration issue?

Question 172mediummultiple choice
Open the full BGP breakdown →

A FortiGate is using BFD for BGP fast failure detection. The administrator wants to ensure that if the BFD session goes down, the BGP neighbor is removed and routes are withdrawn immediately. Which configuration is necessary?

Question 173easymultiple choice
Study the full SD-WAN breakdown →

An administrator wants to use a FortiGate to manage FortiSwitch units via the LAN. Which interface configuration is required on the FortiGate to allow this management?

Question 174mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with policy-based routing to force traffic from subnet 10.0.1.0/24 to go through a WAN interface. The administrator notices that traffic from 10.0.1.0/24 is still using the default route. Which debug command can confirm if the policy-based routing is being applied?

Question 175hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate has two WAN links and uses ECMP load balancing for default routes. The administrator wants to ensure that all packets belonging to the same TCP session go out the same interface. Which setting should be enabled?

Question 176mediummultiple choice
Study the full SD-WAN breakdown →

An administrator configures SD-WAN with two members (wan1, wan2) and a performance SLA for ICMP to 1.1.1.1. The SD-WAN rule is set to 'Best Quality' with 'latency' metric. The admin notices that traffic sometimes switches to the other link even when the current link has acceptable latency. Which action can reduce unnecessary flapping?

Question 177easymultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with multiple virtual routers (VRFs). The administrator wants to allow communication between two VRFs using a firewall policy. Which type of interface is required for the policy?

Question 178hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate is connected to a FortiExtender via USB. The administrator wants to use LTE as a backup WAN link in an SD-WAN setup. After configuring the FortiExtender, the LTE interface is not showing up as an SD-WAN member. What is the most likely reason?

Question 179mediummultiple choice
Study the full SD-WAN breakdown →

An administrator sees the following output from 'diagnose sys session list' for a particular session: proto=6 proto_state=01 duration=3600 expire=3599. What does this indicate about the session?

Question 180mediummulti select
Study the full SD-WAN breakdown →

An administrator is configuring SD-WAN rules to direct specific traffic types. Which TWO of the following criteria can be used in an SD-WAN rule to match traffic?

Question 181hardmulti select
Study the full SD-WAN breakdown →

An administrator is troubleshooting SD-WAN and wants to verify that performance SLA probes are being sent correctly. Which THREE CLI commands can provide information about the SLA probes and their results?

Question 182mediummulti select
Review the full OSPF breakdown →

A FortiGate is configured with OSPF and BGP. The administrator wants to redistribute OSPF routes into BGP. Which TWO steps are required?

Question 183mediummultiple choice
Read the full MPLS explanation →

An administrator is configuring SD-WAN on a FortiGate. They want traffic from the internal network to a specific SaaS application to use the MPLS link unless the latency exceeds 50 ms, in which case traffic should failover to the broadband link. Which configuration elements are required?

Question 184mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with two SD-WAN members (port1 and port2). The administrator sets an SD-WAN rule with 'set load-balance-mode source-dst-ip' for all internal traffic. The source IP is 10.0.0.1 and destination IP is 172.16.0.1. Which factor determines the outgoing interface for this traffic?

Question 185hardmultiple choice
Review the full OSPF breakdown →

A FortiGate is running OSPF in a multi-area topology. The administrator needs to redistribute connected routes from area 0 into area 1 but does not want to leak any other routes. Which configuration is correct?

Question 186easymultiple choice
Study the full SD-WAN breakdown →

An administrator wants to load balance traffic across two WAN links by session count. Which SD-WAN load balancing algorithm should they use?

Question 187mediummultiple choice
Read the full MPLS explanation →

A FortiGate with SD-WAN has two members: MPLS (port1) and Broadband (port2). The performance SLA is configured to monitor latency and packet loss. The administrator notices that after a brief outage on the MPLS link, traffic fails over to Broadband but does not fail back when MPLS recovers. What is the likely cause?

Question 188hardmultiple choice
Study the full SD-WAN breakdown →

You run the following command on a FortiGate: `diagnose sys session filter dport 443` Output: `proto=6 proto_state=01 duration=3600 expire=3599` What does this output indicate?

Question 189mediummultiple choice
Review the full OSPF breakdown →

An administrator wants to use BFD with OSPF to detect link failures faster. What must be configured on the FortiGate?

Question 190easymultiple choice
Study the full SD-WAN breakdown →

Which feature allows a FortiGate to maintain separate routing tables for different customers or departments on the same device?

Question 191mediummultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with ECMP load balancing for equal-cost routes. The administrator wants to ensure that all traffic from a specific source IP uses the same next hop. Which ECMP load balancing method should be selected?

Question 192hardmultiple choice
Study the full SD-WAN breakdown →

An administrator is integrating a FortiExtender with a FortiGate. The FortiExtender is connected to port5 and configured with a cellular WAN connection. What must be configured on the FortiGate to allow the FortiExtender to provide WAN connectivity as an SD-WAN member?

Question 193easymultiple choice
Read the full MPLS explanation →

Which routing protocol is commonly used in SD-WAN deployments to exchange routes between FortiGate and the provider edge router in an MPLS network?

Question 194mediummultiple choice
Open the full BGP breakdown →

An administrator configures a prefix list to filter routes received from a BGP neighbor. The prefix list permits 192.168.0.0/16 le 24. Which routes are permitted?

Question 195mediummulti select
Study the full SD-WAN breakdown →

An administrator needs to integrate a FortiSwitch with a FortiGate for LAN edge management. The FortiGate will manage the switch via the LAN interface. Which TWO steps are required? (Choose two.)

Question 196hardmulti select
Open the full BGP breakdown →

A FortiGate is configured with BGP to an SD-WAN member link. The administrator wants to prefer one link over another for specific routes based on AS path length. Which THREE configurations can influence BGP path selection? (Choose three.)

Question 197mediummulti select
Study the full SD-WAN breakdown →

A network admin is troubleshooting an SD-WAN rule that should steer VoIP traffic to a low-latency link. The rule matches traffic from the VoIP subnet to any destination and uses the 'best-quality' strategy with SLA monitoring. However, traffic is still using the other link. Which TWO checks should the admin perform? (Choose two.)

Question 198mediummulti select
Study the full SD-WAN breakdown →

A network administrator is configuring SD-WAN on a FortiGate to control outbound internet traffic. The requirement is to load balance traffic across two WAN interfaces (port1 and port2) based on the number of new sessions, but only when both links are healthy. The administrator has added both interfaces to the SD-WAN zone and configured performance SLAs. Which TWO additional configuration steps are necessary to implement this requirement?

Question 199hardmulti select
Review the full OSPF breakdown →

A FortiGate is configured with OSPF in a multi-area design. An administrator needs to redistribute static routes from another router into OSPF on the FortiGate, but only for prefixes that match a route map. The administrator has configured 'config router ospf' with 'redistribute static route-map RM_STATIC'. However, the static routes are not appearing in the OSPF database. Which THREE troubleshooting steps should the administrator take?

Question 200easymultiple choice
Study the full SD-WAN breakdown →

A FortiGate administrator wants to use BFD to quickly detect link failures in an SD-WAN deployment. Which statement about BFD configuration on FortiGate is correct?

Question 201mediummulti select
Study the full SD-WAN breakdown →

A FortiGate is configured with multiple VRFs to segregate traffic from different departments. The administrator needs to allow the Finance VRF to access a shared printer in the default VRF. Which TWO steps are required to enable inter-VRF communication?

Question 202hardmultiple choice
Study the full SD-WAN breakdown →

A FortiGate administrator runs 'diagnose sys session list' and sees a session for which the destination interface is 'sdwan'. The session is marked with 'state=01000048'. What does this state indicate about the session?

Question 203mediummulti select
Study the full SD-WAN breakdown →

An administrator is configuring SD-WAN rules to steer traffic based on application performance. The requirement is to use VoIP traffic over the WAN link that has the lowest latency, but if latency exceeds 100ms, fail over to a backup link. The administrator has already created performance SLAs for both links. Which THREE configuration steps are required?

Question 204easymultiple choice
Open the full VLAN trunking answer →

A FortiGate is connected to a FortiSwitch via a trunk port. The administrator wants to manage the FortiSwitch using FortiLink. Which of the following is a prerequisite for FortiLink to function?

Question 205hardmulti select
Study the full SD-WAN breakdown →

A FortiGate running FortiOS 7.2 has multiple WAN interfaces. The administrator is configuring SD-WAN load balancing with the 'volume' algorithm. The requirement is that each interface carries a percentage of total traffic based on its bandwidth capacity. The administrator sets the 'weight' of each interface accordingly. However, traffic distribution is not as expected. Which TWO factors could cause this discrepancy?

Question 206mediummultiple choice
Open the full BGP breakdown →

A network administrator is troubleshooting a BGP session between a FortiGate and an ISP router. The administrator runs 'get router info bgp summary' and sees that the BGP state is 'Active'. What does this state indicate?

Question 207mediummulti select
Study the full SD-WAN breakdown →

A FortiGate is configured with an SD-WAN zone containing two WAN interfaces. The administrator wants to use the 'spillover' load balancing algorithm to ensure that the primary link carries traffic until its bandwidth reaches 80% utilization, after which new sessions are sent to the secondary link. Which THREE configuration steps are necessary?

Question 208easymultiple choice
Study the full SD-WAN breakdown →

A FortiGate is configured with ECMP routing to balance traffic across two default routes via two ISPs. The administrator wants to ensure that traffic from the same source-destination pair always uses the same ISP. Which ECMP load balancing method should be configured?

Question 209hardmulti select
Open the full BGP breakdown →

A FortiGate is configured with multiple VRFs. An administrator notices that routes from VRF A are not being advertised to VRF B via BGP, even though the BGP configuration is correct. Which TWO actions could resolve this issue?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

NSE7 Practice Test 1 — 10 Questions→NSE7 Practice Test 2 — 10 Questions→NSE7 Practice Test 3 — 10 Questions→NSE7 Practice Test 4 — 10 Questions→NSE7 Practice Test 5 — 10 Questions→NSE7 Practice Exam 1 — 20 Questions→NSE7 Practice Exam 2 — 20 Questions→NSE7 Practice Exam 3 — 20 Questions→NSE7 Practice Exam 4 — 20 Questions→Free NSE7 Practice Test 1 — 30 Questions→Free NSE7 Practice Test 2 — 30 Questions→Free NSE7 Practice Test 3 — 30 Questions→NSE7 Practice Questions 1 — 50 Questions→NSE7 Practice Questions 2 — 50 Questions→NSE7 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Advanced Networking and SD-WANAdvanced VPN and Zero TrustEnterprise Firewall and VDOMsAdvanced Threat ProtectionTroubleshooting and Diagnostics

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Advanced Networking and SD-WAN setsAll Advanced Networking and SD-WAN questionsNSE7 Practice Hub