20+ practice questions focused on Advanced Networking and SD-WAN — one of the most tested topics on the Fortinet NSE 7 Advanced Security NSE7 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Advanced Networking and SD-WAN PracticeA network administrator is configuring SD-WAN on a FortiGate. The organization has two internet links: MPLS (primary) and broadband (backup). The administrator wants all traffic to use the MPLS link unless it fails, in which case traffic should fail over to the broadband link. Which SD-WAN configuration best achieves this requirement?
Explanation: Option A is correct because setting the MPLS link priority to 10 (higher) and broadband to 5 (lower) ensures the SD-WAN rule with 'best quality' strategy selects the MPLS link as the preferred path. The 'best quality' strategy evaluates link quality metrics and, when priorities differ, prefers the higher-priority link. If the MPLS link fails, the strategy automatically fails over to the broadband link, meeting the requirement.
A FortiGate is configured with SD-WAN and has two WAN members: Member1 (ISP1) with priority 10, and Member2 (ISP2) with priority 5. The SD-WAN rule for traffic from the internal network uses the 'best quality' strategy. During normal operation, traffic flows through Member1. After a link failure on Member1, traffic correctly fails over to Member2. However, when Member1 is restored, traffic does not fail back. What is the most likely cause?
Explanation: Option B is correct because when 'set probe-mode passive' is configured, the health-check server only monitors the link without actively generating probe traffic, and 'set update-static-route disable' prevents the static route associated with Member1 from being re-enabled after the link is restored. This means the route remains inactive, so SD-WAN cannot fail back to Member1 even though the physical link is up.
An enterprise uses FortiGate as an SD-WAN edge device with three WAN links: Link A (MPLS), Link B (broadband), and Link C (LTE). The SD-WAN rule for VoIP traffic uses the 'best quality' strategy with link-quality-measurement enabled. The VoIP traffic is routed via Link A. During peak hours, users report poor voice quality. The administrator checks the SD-WAN performance SLA logs and sees that Link A's jitter and latency are within acceptable thresholds, but packet loss is slightly elevated. Which action would most likely improve VoIP quality without manual intervention?
Explanation: Option B is correct because configuring a performance SLA with specific thresholds for jitter, latency, and packet loss allows FortiGate to dynamically failover VoIP traffic to another WAN link when Link A's packet loss exceeds the defined threshold (e.g., 0.5%). Since the 'best quality' strategy uses link-quality-measurement to select the link with the best SLA compliance, applying a performance SLA with a packet-loss threshold ensures that even if jitter and latency are acceptable, elevated packet loss triggers a switch to a healthier link, improving voice quality without manual intervention.
Which THREE statements are true about FortiGate SD-WAN health-check configuration?
Explanation: Option C is correct because FortiGate SD-WAN health-check allows configuring multiple thresholds for jitter, latency, and packet loss. These thresholds are used to determine the quality of a link; if any threshold is exceeded, the link is considered failed. This enables granular control over link health assessment beyond simple reachability.
Which TWO statements correctly describe the behavior of SD-WAN rules when using the 'maximize-bandwidth' strategy?
Explanation: Option B is correct because the 'maximize-bandwidth' strategy in SD-WAN rules uses weighted load balancing, where the administrator assigns weights to each member link. The proportion of traffic each member handles is directly proportional to its assigned weight, allowing fine-grained control over bandwidth utilization across multiple WAN links.
+15 more Advanced Networking and SD-WAN questions available
Practice all Advanced Networking and SD-WAN questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Advanced Networking and SD-WAN. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Advanced Networking and SD-WAN questions on the NSE7 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Advanced Networking and SD-WAN is tested as part of the Fortinet NSE 7 Advanced Security NSE7 blueprint. Practicing with targeted Advanced Networking and SD-WAN questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free NSE7 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Advanced Networking and SD-WAN is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Advanced Networking and SD-WAN practice session with instant scoring and detailed explanations.
Start Advanced Networking and SD-WAN Practice →