Exam NSE7_SDW-7.0 topic 1 question 21 discussion

Actual exam question from Fortinet's NSE7_SDW-7.0
Question #: 21
Topic #: 1

Refer to the exhibits.


Which two statements about the IPsec VPN configuration and the status of the IPsec VPN tunnel are true? (Choose two.)

  • A. FortiGate does not install IPsec static routes for remote protected networks in the routing table.
  • B. The phase 1 configuration supports the network-overlay setting.
  • C. FortiGate facilitated the negotiation of the T_INET_1_0_0 ADVPN shortcut over T_INET_1_0.
  • D. Dead peer detection is disabled.
Suggested Answer: AB

Comments

karak008
Highly Voted 1 year, 1 month ago
Selected Answer: AB
D is false. C is false because there is no auto-discovery-receiver or sender, so ADVPN is not configured. Has to be A and B.
upvoted 8 times
adityad
6 months, 2 weeks ago
Yeah, this is HUB config. "net-device" is disabled, so ADVPN shortcuts won't work. The exhibit is trying to trick us by showing the logs of a child dial-up tunnel on the HUB, instead of a shortcut. The study guide points out on page 282 to not get confused.
upvoted 1 times
furymistrz
11 months, 1 week ago
Agree. And answer A is correct cause add-route is disabled, and B is correct as configuration "SUPPORTS" the network-overlay settings as it's IKEv2.
upvoted 5 times
KavinT
Most Recent 4 months ago
A & B are correct. No presence of AD VPN config
upvoted 1 times
effman
7 months, 4 weeks ago
Selected Answer: AC
If you look at the diagnose vpn tunnel list command output you will notice the line with parent=T_INET_1_0 which means this is a dynamic tunnel over that parent tunnel. Also D is clearly false and B is not seen in the configuration (unless this is a tricky question meaning B could theoretically be enabled).
upvoted 1 times
charruco
8 months, 2 weeks ago
A, B are correct
upvoted 1 times
ilbartonicola
11 months ago
Selected Answer: AB
A is correct because add-route is disabled. B is correct as the configuration "SUPPORTS" the network-overlay settings as it's IKEv2; don't ask whether it is enabled, only if it supports it. C is false because there is no auto-discovery-receiver or sender, so ADVPN is not configured. D is false because DPD on-demand is configured.
upvoted 3 times
Dogbert
11 months, 2 weeks ago
Selected Answer: AC
D is configured and B is not enabled so AC
upvoted 1 times
themageofsec
1 year ago
Selected Answer: BC
DPD is enabled as "on demand". And although the config contains "add-route disable", in the diagnose output we can see a dst selector different from "0.0.0.0-255.255.255.255" and, in the line above, the parameter "add-route".
upvoted 1 times
draven76
1 year ago
Selected Answer: AB
The question asks if the config SUPPORTS (not if it's already enabled) the "network-overlay" setting. It's true because the phase1-interface is configured as IKE v2 (IKE v1 doesn't, you can test in any FortiGate just by editing a fake phase1-interface). C and D are false (read other comments), so it's A & B.
upvoted 2 times
JABarracus
1 year, 1 month ago
Selected Answer: AC
B is false because "set network-overlay enable" is not configured in the phase1. D is false because DPD on-demand is configured.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other