NSE7 · topic practice

Advanced Networking and SD-WAN practice questions

Practise Fortinet NSE 7 Advanced Security NSE7 Advanced Networking and SD-WAN practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Advanced Networking and SD-WAN

What the exam tests

What to know about Advanced Networking and SD-WAN

SD-WAN questions usually test the control plane vs data plane separation, the roles of vSmart, vBond and vEdge, and how overlay tunnels ride across multiple underlay transports.

  • SD-WAN architecture: vSmart (control), vBond (orchestration), vEdge/cEdge (data).
  • Overlay vs underlay transport concepts.
  • OMP routing protocol and policy distribution via vSmart.
  • How SD-WAN improves WAN flexibility over traditional MPLS-only designs.

Watch out for

Common Advanced Networking and SD-WAN exam traps

  • vBond orchestrates initial connections but does not make routing decisions.
  • OMP is the SD-WAN control-plane routing protocol, not BGP or OSPF.
  • The underlay transport is separate from the overlay data path.
  • cEdge devices run IOS-XE; vEdge devices run Viptela OS.

Practice set

Advanced Networking and SD-WAN questions

20 questions · select your answer, then reveal the explanation

Question 1 · easy · multiple choice

A network administrator is configuring SD-WAN on a FortiGate. The organization has two internet links: MPLS (primary) and broadband (backup). The administrator wants all traffic to use the MPLS link unless it fails, in which case traffic should fail over to the broadband link. Which SD-WAN configuration best achieves this requirement?

Question 2 · medium · multiple choice

A FortiGate is configured with SD-WAN and has two WAN members: Member1 (ISP1) with priority 10, and Member2 (ISP2) with priority 5. The SD-WAN rule for traffic from the internal network uses the 'best quality' strategy. During normal operation, traffic flows through Member1. After a link failure on Member1, traffic correctly fails over to Member2. However, when Member1 is restored, traffic does not fail back. What is the most likely cause?

Question 3 · hard · multiple choice

An enterprise uses FortiGate as an SD-WAN edge device with three WAN links: Link A (MPLS), Link B (broadband), and Link C (LTE). The SD-WAN rule for VoIP traffic uses the 'best quality' strategy with link-quality-measurement enabled. The VoIP traffic is routed via Link A. During peak hours, users report poor voice quality. The administrator checks the SD-WAN performance SLA logs and sees that Link A's jitter and latency are within acceptable thresholds, but packet loss is slightly elevated. Which action would most likely improve VoIP quality without manual intervention?

Question 4 · medium · multi select

Which THREE statements are true about FortiGate SD-WAN health-check configuration?

Question 5 · hard · multi select

Which TWO statements correctly describe the behavior of SD-WAN rules when using the 'maximize-bandwidth' strategy?

Question 6 · hard · multiple choice

A FortiGate is deployed with two ISPs and SD-WAN. The organization uses OSPF to exchange routes with a remote branch. The administrator notices that the FortiGate is not installing OSPF-learned routes into the routing table. The OSPF configuration is verified to be correct, and neighbors are established. Which configuration could be causing the issue?

Question 7 · medium · multiple choice

An organization is deploying SD-WAN across multiple sites with two internet links (MPLS and broadband) at the main branch. They want voice traffic to use the MPLS link unless it fails, in which case failover to broadband should occur. Which SD-WAN rule configuration achieves this?

Question 8 · hard · multiple choice

A network engineer is troubleshooting an SD-WAN setup where traffic from a specific subnet is not being load-balanced as expected. The SD-WAN rule uses 'source IP' hashing. The engineer notices that the traffic originates from multiple hosts in the same /24 subnet. What is the most likely cause of poor load distribution?

Question 9 · easy · multiple choice

A FortiGate is configured with two static routes to the same destination 0.0.0.0/0 with equal distance but different priorities. The priority values are 10 and 20. Which route will be used for traffic matching the default route?

Question 10 · hard · multi select

Which TWO statements are true regarding BGP path selection in a FortiGate SD-WAN environment?

Question 11 · medium · multiple choice

A company with a hub-and-spoke SD-WAN topology uses FortiGates at each site. The hub has two WAN links: MPLS (10 Mbps) and broadband (100 Mbps). The spokes connect only via MPLS. The company deploys a new real-time application that requires low latency and low jitter. The network administrator creates an SD-WAN rule for this application with 'best quality' strategy and both MPLS and broadband as members. The SLA for MPLS is configured with latency < 10 ms and jitter < 5 ms. The SLA for broadband is configured with latency < 50 ms and jitter < 20 ms. The actual measured latency on MPLS is 12 ms, and jitter is 4 ms. The broadband latency is 25 ms, jitter 10 ms. Which path will the application traffic take?

Question 12 · medium · multi select

An administrator is configuring SD-WAN on a FortiGate to route traffic between two internet connections (ISP1 and ISP2). The SD-WAN rules use performance SLA to measure latency. Which TWO statements are true about SD-WAN rule matching and failover?

Question 13 · easy · multiple choice

A company has two internet connections: a primary fiber link (port1, 100 Mbps) and a backup DSL link (port2, 20 Mbps). They are using SD-WAN to load balance traffic based on volume, with a rule that sends 70% of traffic to port1 and 30% to port2. Recently, users report that video conferencing applications are experiencing high latency and jitter. The network team finds that the SD-WAN performance SLA for the fiber link shows 80% packet loss and high latency. The SD-WAN rule action is set to 'best quality' with a latency threshold of 150 ms. The current latency on port1 is 200 ms, and on port2 is 40 ms. What should the administrator do to ensure that video conferencing traffic uses the DSL link while the fiber link is degraded?

Question 14 · medium · drag order

Drag and drop the steps to troubleshoot a FortiGate SSL VPN connection failure into the correct order.

Question 15 · medium · drag order

Drag and drop the steps to configure a FortiGate to use an external authentication server (e.g., RADIUS) for admin login into the correct order.

Question 16 · medium · matching

Match each IPsec VPN term to its definition.

Internet Key Exchange version 1

Internet Key Exchange version 2

Encapsulating Security Payload

Authentication Header

Perfect Forward Secrecy

Question 17 · medium · matching

Match each FortiGate interface type to its usage.

Hardware network port

Virtual LAN subinterface

Virtual interface for management or routing

Combines multiple physical links for redundancy

Link aggregation (LAG) for increased bandwidth

Question 18 · medium · multiple choice

A network engineer is configuring SD-WAN on a FortiGate. They have three WAN interfaces (wan1, wan2, lte) and want traffic to the primary datacenter (10.10.10.0/24) to use wan1 unless its latency exceeds 50 ms, in which case failover to wan2. The engineer created an SD-WAN rule with a strategy of 'Manual' and selected 'wan1' as the preferred member. What additional configuration is required to achieve automatic failover based on latency?

Question 19 · hard · multiple choice

A FortiGate is running OSPF with multiple areas. The admin wants to redistribute a static route for 192.168.100.0/24 into OSPF. After configuring 'config router ospf' with 'redistribute static' enabled, the route appears in the OSPF database but is not being advertised to other areas. What is the most likely cause?

Question 20 · easy · multiple choice

An administrator wants to load balance traffic across two ISP links using SD-WAN. The requirement is that sessions from the same source IP address must always use the same ISP link. Which SD-WAN load balancing algorithm should be used?

Frequently asked questions

What does the NSE7 exam test about Advanced Networking and SD-WAN?
SD-WAN questions usually test the control plane vs data plane separation, the roles of vSmart, vBond and vEdge, and how overlay tunnels ride across multiple underlay transports.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Advanced Networking and SD-WAN questions in a focused session?
Yes — the session launcher on this page draws every question from the Advanced Networking and SD-WAN domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other NSE7 topics?
Use the topic links above to move to related areas, or go back to the NSE7 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the NSE7 exam covers. They are not copied from any real exam or dump site.