Which two performance SLA protocols enable you to verify that the server response contains a specific value? (Choose two.)
A. http
B. icmp
C. twamp
D. dns
Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)
A. The sdwan_service_id flag in the session information is 0.
B. All SD-WAN rules have the default setting enabled.
C. Traffic does not match any of the entries in the policy route table.
D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
Refer to exhibits.
Exhibit A shows the source NAT global setting and exhibit B shows the routing table on FortiGate.
Based on the exhibits, which two statements about increasing the port2 interface priority to 20 are true? (Choose two.)
A. All the existing sessions that do not use SNAT will be flushed and routed through port1.
B. All the existing sessions will continue to use port2, and new sessions will use port1.
C. All the existing sessions using SNAT will be flushed and routed through port1.
D. All the existing sessions will be blocked from using port1 and port2.
Which diagnostic command can you use to show the SD-WAN rules interface information and state?
A. diagnose sys sdwan route-tag-list.
B. diagnose sys sdwan service.
C. diagnose sys sdwan member.
D. diagnose sys sdwan neighbor.
Refer to the exhibit.
Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub 1 and Hub 2 The administrator configured ADVPN on the dual regions topology
Which two statements are correct if a user in Toronto sends traffic to London? (Choose two )
A. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.
B. The first packets from Toronto to London are routed through Hub 1 then to Hub 2.
C. London generates an IKE information message that contains the Toronto public IP address.
D. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.
Refer to the exhibit.
FortiGate has multiple dial-up VPN interfaces incoming on port1 that match only FIRST_VPN.
Which two configuration changes must be made to both IPsec VPN interfaces to allow incoming connections to match all possible IPsec dial-up interfaces? (Choose two.)
A. Specify a unique peer ID for each dial-up VPN interface.
B. Use different proposals are used between the interfaces.
C. Configure the IKE mode to be aggressive mode.
D. Use unique Diffie Hellman groups on each VPN interface.
Why is it effective to use SD WAN rules when configuring application control?
A. Because traffic can be load balanced based on application type
B. Because SD-WAIM rules are independent from firewall policies to avoid controlling applications
C. Because you must use certificate full inspection on the firewall policy
D. Because the application database is manually maintained by administrators
Which two interfaces are considered overlay links? (Choose two.)
A. IPsec
B. Physical
C. LAG
D. GRE
Which diagnostic command you can use to show interface-specific SLA logs for the last 10 minutes?
A. diagnose sys virtual-wan-link health-check
B. diagnose sys virtual-wan-link log
C. diagnose sys virtual-wan-link sla-log
D. diagnose sys virtual-wan-link intf-sla-log
Which two benefits from using forward error correction (FEC) in IPsec VPNs are true? (Choose two.)
A. FEC transmits the original payload in full to recover the error in transmission.
B. FEC reduces the stress on the remote device buffer to reconstruct packet loss.
C. FEC transmits additional packets as redundant data to the remote device.
D. FEC improves reliability, which overcomes adverse WAN conditions such as noisy links.
