Exhibit.Two hub-and-spoke groups are connected through redundant site-to-site IPsec VPNs between Hub 1 and Hub 2Which two configuration settings are required for the spoke A1 to establish an ADVPN shortcut with the spoke B2? (Choose two.)
Answer(s): A,D
To allow spokes in different hub-and-spoke groups to establish ADVPN shortcuts, the hubs must be configured to forward and send ADVPN shortcut offers. The key required settings on the hub are auto-discovery-forwarder (for VPNs to hubs) and auto-discovery-sender (for VPNs to spokes). This ensures the hub can facilitate and advertise ADVPN shortcut offers between spokes.
Fortinet SD-WAN 7.4 ADVPN Guide (Auto-discovery settings for hub-and-spoke topologies)
Refer to the exhibit.Which SD-WAN rule and interface uses FortiGate to steer the traffic from the LAN subnet 10.0.1.0/24 to the corporate server 10.2.5.254?
Answer(s): D
Traffic steering in Fortinet SD-WAN is based on defined rules and the corresponding outgoing interfaces. The exhibit (not shown here) would indicate that the traffic from the LAN subnet 10.0.1.0/24 to the server 10.2.5.254 is matched by SD-WAN rule 3 and sent out via the HUB1-VPN3 interface.
FortiOS 7.4 SD-WAN Concept Guide Rule Matching
Refer to the exhibit.Refer to the exhibit.You want to configure SD-WAN on a network as shown in the exhibit.The network contains many FortiGate devices. Some are used as NGFW, and some are installed with extensions such as FortiSwitch. FortiAP. or Forti Ex tender.What should you consider when planning your deployment?
Answer(s): B
In Fortinet SD-WAN, hubs should not have extensions like FortiSwitch, FortiAP, or FortiExtender installed, as these can affect hub functionality and scalability. While all device types can be included in the topology, the hubs must be "clean" FortiGate devices without such extensions to ensure proper ADVPN and overlay management.
Fortinet SD-WAN Reference Architecture Guide 7.4 Hub requirements
Refer to the exhibit.Refer to the exhibit that shows event logs on FortiGate.Based on the output shown in the exhibit, what can you say about the tunnels on this device?
Answer(s): C
Event logs (from the exhibit) show how traffic is matched to SD-WAN rules and routed. The logoutput indicates that voice traffic is being routed through the HUB1-VPN3 tunnel. This matches SD- WAN's application-aware steering, which uses dynamic performance metrics to select the optimal path.
FortiOS 7.4 SD-WAN Application-Aware Routing Documentation
Exhibit.Which action will FortiGate take if it detects SD-WAN members as dead?
You are planning a large SD-WAN deployment with approximately 1000 spokes and want to allow ADVPN between the spokes. Some remote sites use FortiSASE to connect to the company's SD-WAN hub. Which overlay routing configuration should you use?
Answer(s): A
For a large-scale SD-WAN deployment (such as 1000 spokes) where ADVPN shortcut routing is required and some remote sites connect via FortiSASE, the recommended overlay routing configuration is BGP running on loopback interfaces, combined with dynamic BGP for ADVPN shortcut routing. This design leverages the scalability and resilience of BGP, allowing dynamic discovery and route exchange necessary for shortcut tunnels between spokes in ADVPN environments. Using loopback interfaces for BGP peering is considered best practice because it decouples routing protocol stability from physical link status, ensuring that if a physical underlay interface fails, the BGP session remains up as long as there's an alternate path. With dynamic BGP, each spoke can efficiently learn the routes to other spokes and dynamically establish shortcuts, which is critical at this scale. This method also integrates smoothly with FortiSASE for remote connectivity to the SD-WAN hub, providing flexibility and centralized management.
Fortinet SD-WAN Reference Architecture Guide 7.4, "Scalable Routing with BGP on Loopback and ADVPN Shortcuts"Fortinet SD-WAN Concept Guide, "Overlay Routing Designs for Large Deployments"
Refer to the exhibits.You connect to a device behind a branch FortiGate device and initiate a ping test. The device is part of the LAN subnet and its IP address is 10.0.1.101.Based on the exhibits, which interface uses branch 1_fgt to steer the test traffic?
You manage an SD-WAN topology. You will soon deploy 50 new branches.Which three tasks can you do in advance to simplify this deployment? (Choose three.)
Answer(s): B,C,E
When planning to deploy a large number of branches (e.g., 50), Fortinet recommends several preparatory steps to simplify and automate the rollout. Creating model devices allows you topredefine configurations and settings that can be cloned or adapted for each branch, saving time and minimizing manual errors. Preparing a Zero Touch Provisioning (ZTP) template enables automatic onboarding and provisioning of new FortiGates as soon as they come online, reducing manual intervention. Lastly, creating a policy blueprint allows for standardized policy deployment across all branches, ensuring consistent security and SD-WAN rule enforcement. This holistic approach streamlines the deployment process, allows for rapid scaling, and ensures that all devices are configured according to corporate policy from day one.
Fortinet SD-WAN 7.4 Reference Architecture, "ZTP and Model Device Strategies for Scalable Rollouts"FortiManager Admin Guide, "Policy Blueprints and Automation for Branch Deployment"
Share your comments for Fortinet NSE6_SDW_AD-7.6 exam with other users:
question: 162 should be dlp (b)
good exam questions
I have to say this is really close to real exam. Passed my exam with this.
good analytics question
this looks accurate
question 46, the answer should be data "virtualization" (not visualization).
its useful.
Pass this exam 3 days ago. The PDF version and the Xengine App is quite useful.
informative for me.
question 134s answer shoule be "dlp"
in 72 the answer must be [sys_user_has_role] table.
i appreciated the mix of multiple-choice and short answer questions. i passed my exam this morning.
great to find this website, thanks
examination questions seem to be relevant.
planning to take psm test
please allow to download
please provide dumps
is the answer to question 15 correct ? i feel like the answer should be b
its getting more technical
i think these questions are what i need.
helpful assessment
i am confused about the answers to the questions. do you know if the answers are correct?
hi, please make the dumps available for my upcoming examination.
good practice
so far it is really informative
hi i want it please please upload it
am preparing for exam ,just nice questions
please upload c_tadm_23 exam
can we get tdvan4 vantage data engineering pdf?
want to clear the exam.
could you please upload the dumps of sap c_sac_2302
asm management configuration is about storage
kool thumb up
just passed the az-500 exam this last friday. most of the questions in this exam dumps are in the exam. i bought the full version and noticed some of the questions which were answered wrong in the free version are all corrected in the full version. this site is good but i wish the had it in an interactive version like a test engine simulator.