ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_SDW-7.2 All Questions

View all questions & answers for the NSE7_SDW-7.2 exam
Go to Exam

Exam NSE7_SDW-7.2 topic 1 question 5 discussion

Actual exam question from Fortinet's NSE7_SDW-7.2
Question #: 5
Topic #: 1
[All NSE7_SDW-7.2 Questions]

Refer to the exhibit.

The exhibit shows output of the command diagnose sys sdwan service collected on a FortiGate device.
The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HQ servers 10.0.0.1.
Based on the exhibits, which two statements are correct? (Choose two.)

  • A. There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1.
  • B. FortiGate steers traffic to HQ servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected.
  • C. When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.
  • D. FortiGate steers traffic for business application according to service rule 2 and steers traffic through port2.
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by IBB90704 at March 8, 2024, 1:06 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ee0808
Highly Voted 9 months, 1 week ago
C & D Salesforce = Business category -> D is correct C is a general rule
upvoted 12 times
theklee
1 month, 2 weeks ago
Yes, Salesforce = business category, but the service sd-wan service 3 rule says "Internet Services" which are application specific. If they wanted to catch Salesforce as a business application, the rule should say Application Control instead of Internet Service.
upvoted 1 times
...
...
theklee
Most Recent 1 month, 2 weeks ago
In terms of sdwan service, Business is an application category, not an Internet Service. The Salesforce application is an internet service. At least in 7.4.5. Therefore A is correct - no service is defined for Salesforce and C is also correct. D would be correct if the diag sys sdwan service showed Application Control: Business but it shows Internet Service instead.
upvoted 1 times
...
ccie8122
1 month, 4 weeks ago
Selected Answer: CD
A is incorrect because Salesforce is in category Business and with the matching source IP address, the traffic will match Service 2, thus making D correct. C is correct as a general catch-all rule logic (absent application matching)--even though not applicable as the application does match in this case.
upvoted 1 times
...
rac_sp
3 months ago
Selected Answer: CD
Guys I just confirmed in the Fortiguard Labs that the Sales Force traffic belongs to the category BUSINESS. Therefore, answer is C and D
upvoted 1 times
...
evdw
3 months, 4 weeks ago
Selected Answer: CD
rule 2 match is not based ISDB but on application category (category 29 = Business) If Application Control is activated on the security policy, traffic can be matched and sdwan service rule can be matched So I would go for C,D
upvoted 2 times
...
geroboamo
4 months ago
Selected Answer: AC
the question states that salesforce is hosted on a private server, so sdwan rule 2 is not matched since it uses Internet Services DataBase. So traffic will be managed by rule 3
upvoted 2 times
...
luismanzanero
5 months, 1 week ago
Selected Answer: CD
C & D are correcte
upvoted 1 times
...
fottyfan
6 months ago
Question is, would Salesforce traffic be recognized if it is to private servers?
upvoted 3 times
[Removed]
5 months, 2 weeks ago
I agree with your reasoning that's why I would go for option A and C considering the business runs on the private HQ servers and they are not available over the internet
upvoted 2 times
...
...
tibrad4
6 months, 2 weeks ago
Selected Answer: CD
C&D I originally thought A and C but after looking at it this question is very misleading. Answer D is not saying that the specific server traffic is going to use port2, it is saying Salesforce traffic will use it. Since Salesforce is in the business category, A becomes invalid and D becomes true.
upvoted 1 times
...
sugar12
7 months ago
Selected Answer: CD
A is wrong because Salesforce is part of the business category B is wrong because rule 1 doesnt cover salesforce therefore C & D are correct
upvoted 1 times
...
VLAN_G
7 months, 2 weeks ago
Selected Answer: CD
CD for sure.
upvoted 1 times
...
truserud
8 months, 1 week ago
Selected Answer: CD
Forgot to mark answers. See my other comment below.
upvoted 1 times
...
truserud
8 months, 1 week ago
C & D are correct. C is the dirst correct answer in this scenario. D is the second correct answer: Salesforce is indeed identified as a Business Category. Just check up your Application Control profile on your Fortigate and view entries, then search for Salesforce. Thus it will hit Rule (Service) 2. As we all know; SD-WAN rules are handled the same way as Firewall Policies, from top to bottom. Thus D is correct.
upvoted 1 times
...
ginmco
8 months, 1 week ago
The answer is C & D When you go under "View Application Signatures" Salesforce = Business category -> D is correct C is a general rule
upvoted 2 times
...
lucient
8 months, 2 weeks ago
Selected Answer: CD
It says "with a destination of the --> BUSINESS <-- application Salesforce". So, traffic will skip sdwan rule #1 because it's not Facebook nor Twitter. Then, Salesforce traffic will match sdwan rule #2 because it is "business" category traffic. And, if it can't identify the service, it will match sdwan rule #3. So, the correct answers are C and D.
upvoted 3 times
...
Tommy_S
9 months, 1 week ago
Selected Answer: AC
A&C are correct
upvoted 1 times
lucient
8 months ago
No. C and D are right.
upvoted 1 times
...
...
alejandrofern43
9 months, 1 week ago
Selected Answer: AC
A. There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1. C. When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.
upvoted 2 times
lucient
8 months ago
No. C and D are right.
upvoted 1 times
...
gogudindeal
9 months, 1 week ago
Salesforce = Business category
upvoted 3 times
gogudindeal
9 months, 1 week ago
For application detection you can use applications from FortiGuard’s predefined application list, create groups with those applications, or use application categories. Application categories group application per purpose, for example business, game, social media. You can also combine application group with specific applications. Page 184 study guide
upvoted 2 times
...
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago