Exam NSE7_SDW-7.2 topic 1 question 61 discussion

A: Incorrect because network-overlay is not enabled B: Correct because add-route is disabled C: Incorrect because natt mode=none D: Correct because parent=T_INET_1

A & B are correct. A - claims the config is supported, not necessarily configured, thus the claim is true B - add-route is disabled, thus the claim is true C - "natt: mode=none", thus no NAT-T

D is definitely wrong. There is no indication of any spoke-spoke tunnel. This is a hub (indicated by the auto-discovery-sender command), and tunnel T_INET_1_0 is a hub-spoke tunnel, not a spoke-spoke tunnel, and therefore cannot be a shortcut. C is wrong. IPSec ESP uses UDP 500 unless traversing NAT on either or both ends--only then is UDP 4500 used. However, from Exh B: "natt: mode=none" Thus no NAT-T, therefore no UDP 4500. That leaves A - which is not in the configuration but should be, unless they just mean the config supports it even though it is not configured - which is definitely the case and part of the reference design in the recommended template, most of which is configured on this hub. And B: i think this is actually false -- it looks like we are doing ADVPN with Phase2 Selector (SG p291), in which case the phase 2 selector (i.e., IPsec static routes) *would* be installed in the routing table. This is a bad question, since definitionally, C and D *cannot* be correct based on the diag output, and it appears B is conceptually incorrect.

I think A is wrong since set network overlay enable command isn't configured in Phase1 (and default value is disabled). I see that parent shortcut is T_INET_1 therefore correct answers are BD

Audo discovery sender & add route disable

I can't see c being right cannot tell if 4500 is being used from the output unless I am missing something. But this is a hub config so A is true and B add route is disabled.