Exam NSE7_SDW-7.2 topic 1 question 5 discussion

C & D Salesforce = Business category -> D is correct C is a general rule

D is not correct because ISDBs are public IPs, not 10.0.0.1

C is correct D is incorrect - The Internet Service Database is public IP address database that comes from the FortiGuard service system. The server define with private IP located at HQ, which is unlikely to be recognized by FortiGuard

Answers C and D are correct A: is incorrect because, there is a service defined for salesforce. It is considered under the category of business rather than the application specifically being called out. B: is incorrect because, there is no correlation between the application ID and the interface it is coming out from other than the source address. C: is correct because, it could use rule 3 if it did not have the category already selected in rule 2. However, if the service was not defined in service 2 it would use 3 D: is correct because, service (2) uses port 2 and the application ID falls into the business category.

Option C oversimplifies the process. When Fortigate cannot recognize the application, FortiGate will try to match the traffic based on the available rules. Rule 3 is chosen when no other specific rules match the traffic due to the default fallback behavior. For me, C is incorrect since it suggests that Rule 3 is selected only when Fortigate cannot recognize the application.

In terms of sdwan service, Business is an application category, not an Internet Service. The Salesforce application is an internet service. At least in 7.4.5. Therefore A is correct - no service is defined for Salesforce and C is also correct. D would be correct if the diag sys sdwan service showed Application Control: Business but it shows Internet Service instead.

A is incorrect because Salesforce is in category Business and with the matching source IP address, the traffic will match Service 2, thus making D correct. C is correct as a general catch-all rule logic (absent application matching)--even though not applicable as the application does match in this case.

Guys I just confirmed in the Fortiguard Labs that the Sales Force traffic belongs to the category BUSINESS. Therefore, answer is C and D

rule 2 match is not based ISDB but on application category (category 29 = Business) If Application Control is activated on the security policy, traffic can be matched and sdwan service rule can be matched So I would go for C,D

the question states that salesforce is hosted on a private server, so sdwan rule 2 is not matched since it uses Internet Services DataBase. So traffic will be managed by rule 3

C & D are correcte

Question is, would Salesforce traffic be recognized if it is to private servers?

C&D I originally thought A and C but after looking at it this question is very misleading. Answer D is not saying that the specific server traffic is going to use port2, it is saying Salesforce traffic will use it. Since Salesforce is in the business category, A becomes invalid and D becomes true.

A is wrong because Salesforce is part of the business category B is wrong because rule 1 doesnt cover salesforce therefore C & D are correct

CD for sure.

Forgot to mark answers. See my other comment below.

C & D are correct. C is the dirst correct answer in this scenario. D is the second correct answer: Salesforce is indeed identified as a Business Category. Just check up your Application Control profile on your Fortigate and view entries, then search for Salesforce. Thus it will hit Rule (Service) 2. As we all know; SD-WAN rules are handled the same way as Firewall Policies, from top to bottom. Thus D is correct.