Share Latest Dec-2025 FCSS_SDW_AR-7.4 DUMP with 51 Questions and Answers
PDF Dumps 2025 Exam Questions with Practice Test
Fortinet FCSS_SDW_AR-7.4 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
NEW QUESTION # 28
You manage an SD-WAN topology. You will soon deploy 50 new branches.
Which three tasks can you do in advance to simplify this deployment? (Choose three.)
- A. Create policy blueprint.
- B. Create model devices.
- C. Create a ZTP template.
- D. Update the DHCP server configuration.
- E. Define metadata variables value for each device.
Answer: A,B,C
NEW QUESTION # 29
Exhibit.
Which action will FortiGate take if it detects SD-WAN members as dead?
- A. FoftiGate bounces port5 after it detects all SD-WAN members as dead.
- B. FortiGate brings down port5 after it detects all SD-WAN members as dead.
- C. FortiGate sends alert messages through poft5 when it detects all SD-WAN members as dead
- D. FortiGate fails over to the secondary device after it detects port5 as dead.
Answer: B
NEW QUESTION # 30
Refer to the exhibit.
An administrator checks the status of an SD-WAN topology using the FortiManager SD-WAN monitor menus. All members are configured with one or two SLAs.
Which two conclusions can you draw from the output shown? (Choose two.)
- A. One member of branch2_fgt is missing the SLAs.
- B. The template view should be used to see the hub devices.
- C. branch2_fgt establishes six tunnels to the hubs and they are all up.
- D. This SD-WAN topology contains only two branch devices.
Answer: A,D
NEW QUESTION # 31
When you use the command diagnose sys session list, how do you identify the sessions that correspond to traffic steered according to SD-WAN rules?
- A. You identify sessions steered according to SD-WAN rules with the flag vwl.
- B. You identify sessions steered according to SD-WAN rules with the data sdwan_service_id.
- C. You cannot identify SD-WAN sessions. You must use the sdwar. session filter.
- D. You identify sessions steered according to SD-WAN rules with the data vwl_mbr_seq.
Answer: B
NEW QUESTION # 32
Refer to the exhibit, which shows output of the command diagnose sys sdwan health-check status collected on a FortiGate device.
Which two statements are correct about the health check status on this FortiGate device?
(Choose two.)
- A. The interface T_INET_0 missed three SLA targets.
- B. The interface T_INET_1 missed one SLA target.
- C. There is no SLA criteria configured for the health-check Level3_DNS.
- D. The health-check VPN_PING orders the members according to the measured jitter.
Answer: B,C
NEW QUESTION # 33
Exhibit.
The administrator configured the IPsec tunnel VPN1 on a FortiGate device with the parameters shown in exhibit.
Based on the configuration, which three conclusions can you draw about the characteristics and requirements of the VPN tunnel? (Choose three.)
- A. The tunnel interface IP address on the spoke side is provided by the hub.
- B. The remote end must support IKEv2.
- C. The remote end can be a third-party IPsec device.
- D. This configuration allows user-defined overlay IP addresses.
- E. The administrator must manually assign the tunnel interface IP address on the hub side
Answer: C,D,E
NEW QUESTION # 34
Within the context of SD-WAN, what does SIA correspond to?
- A. Software Internet Access
- B. Local Breakout
- C. Remote Breakout
- D. Secure Internet Authorization
Answer: C
NEW QUESTION # 35
Which three characteristics apply to provisioning templates available on FortiManager? (Choose three.)
- A. CLI templates are applied in order, from top to bottom
- B. A CLI template group can contain CLI templates of both types.
- C. A template group can include a system template and an SD-WAN template.
- D. Each template group can contain up to three IPsec tunnel templates.
- E. A CLI template can be of type CLI script or Perl script.
Answer: A,B,C
NEW QUESTION # 36
Refer to the exhibits.
An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in the first exhibit. After generating GoToMeeting test traffic, the administrator examined the corresponding traffic log on FortiAnalyzer, which is shown in the second exhibit.
The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.
Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two.)
- A. Full SSL inspection is not enabled on the matching firewall policy.
- B. FortiGate could not refresh the routing information on the session after the application was detected.
- C. The session 3-tuple did not match any of the existing entries in the ISDB application cache.
- D. No configured SD-WAN rule matches the traffic related to the collaboration application GoToMeeting
Answer: B,C
NEW QUESTION # 37
Refer to the exhibits. The exhibits show the configuration for SD-WAN performance. SD-WAN rule, the application IDs of Facebook and YouTube along with the firewall policy configuration and the underlay zone status. Which two statements are true about the health and performance of SD-WAN members 3 and 4? (Choose two.)
- A. Encrypted traffic is not used for the performance measurement.
- B. The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
- C. Only related TCP traffic is used for performance measurement.
- D. FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
Answer: B,C
NEW QUESTION # 38
The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks.
What are two mandatory post-run tasks that must be performed? (Choose two.)
- A. Assign a hub id metadata variable to each hub device.
- B. Configure routing through the overlay tunnels created by the SD-WAN overlay template.
- C. Configure SD-WAN rules
- D. Assign an sdwan_id metadata variable to each device (branch and hub)
- E. Create policy packages and assign them to the branch devices.
Answer: C,E
NEW QUESTION # 39
Refer to the exhibits.
You use FortiManager to configure SD-WAN on three branch devices.
When you install the device settings. FortiManager prompts you with the error "Copy Failed" for the device branch1_fat When you click the log button. FortiManager displays the message shown in the exhibit.
- A. Based on the exhibits, which statement best describes the issue and how you can resolve it?
- B. Check the connection between branch1_fgt and FortiManager
- C. Gateways for all members in a zone must be defined the same way. Specify the gateway of the SD-WAN member port! without metadata variables.
- D. Check the metadata variable definitions, and review the per-device mapping configuration.
- E. Remove the installation target for the SD-WAN member port4. You cannot combine metadata variable and installation targets.
Answer: A
NEW QUESTION # 40
Refer to the exhibit that shows event logs on FortiGate. Based on the output shown in the exhibit, what can you say about the tunnels on this device?
- A. There is one shortcut tunnel built from master tunnel VPN4.
- B. The master tunnel HU82-VPN3 cannot accept ADVPN shortcuts.
- C. The VPN tunnel HUB1-VPN1_0 is a shortcut tunnel.
- D. The device steers voice traffic through the VPN tunnel HUB1-VPN3.
Answer: D
NEW QUESTION # 41
Refer to the exhibits.
The exhibits show the configuration for SD-WAN performance. SD-WAN rule, the application IDs of Facebook and YouTube along with the firewall policy configuration and the underlay zone status.
Which two statements are true about the health and performance of SD-WAN members 3 and 4? (Choose two.)
- A. Encrypted traffic is not used for the performance measurement.
- B. The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
- C. Only related TCP traffic is used for performance measurement.
- D. FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
Answer: B,C
NEW QUESTION # 42
Refer to the exhibit.
Which SD-WAN rule and interface uses FortiGate to steer the traffic from the LAN subnet 10.0.1.0/24 to the corporate server 10.2.5.254?
- A. SD-WAN service rule 4 and interface port2.
- B. SD-WAN service rule 3 and interface HUB1-VPN2.
- C. SD-WAN service rule 4 and port1 or port2.
- D. SD-WAN service rule 3 and interface HUB1-VPN3.
Answer: D
NEW QUESTION # 43
Exhibit.
Refer to the exhibit, which shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured packet loss will make HUB1-VPN3 the new preferred member?
- A. When all three members have the same packet loss
- B. When HUB1-VPN1 has 4% packet loss
- C. When HUB1-VPN1 has 12% packet loss
- D. When HUB1-VPN3 has 4% packet loss
Answer: A
NEW QUESTION # 44
Refer to the exhibit.
Which statement best describe the role of the ADVPN device in handling traffic?
- A. This is a spoke. The kernel received a shortcut request and forwards the query to another spoke.
- B. This is a spoke that has received a shortcut query from another spoke and has forwarded the response to its hub.
- C. This is a hub that has received a query from a spoke and has forwarded it to another spoke.
- D. This is a hub in a dual-region topology. The remote hub tunnel ID is 10.0.2.101.
Answer: B
NEW QUESTION # 45
The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks.
What are three mandatory post-run tasks that must be performed? (Choose three.)
- A. Assign an sdwan_id metadata variable to each device (branch and hub).
- B. Configure SD-WAN rules.
- C. Assign a branch_id metadata variable to each branch device.
- D. Create policy packages for branch devices.
- E. Configure routing through overlay tunnels created by the SD-WAN overlay template.
Answer: B,C,E
NEW QUESTION # 46
Which two statements correctly describe what happens when traffic matches the implicit SD-WAN rule? (Choose two.)
- A. Traffic does not match any of the entries in the policy route table.
- B. The traffic is distributed, regardless of weight, through all available static routes.
- C. FortiGate flags the session with may_dirty and vwl_def ault.
- D. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.
- E. The session information output displays no SD-WAN service id.
Answer: A,E
NEW QUESTION # 47
Refer to the exhibits. The exhibits show the source NAT (SNAT) global setting. port2 interface settings, and the routing table on FortiGate.
The administrator increases the member priority on port2 to 20. Upon configuration changes and the receipt of new packets, which two actions does FortiGate perform on existing sessions established over port2? (Choose two.)
- A. FortiGate continues routing all existing sessions over port2.
- B. FortiGate flags the sessions as dirty.
- C. FortiGate flags the SNAT session as dirty only if the administrator has assigned an IP pool to the firewall policies with NAT.
- D. FortiGate routes only new sessions over port2.
- E. FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.
Answer: B,E
NEW QUESTION # 48
Refer to the exhibit. The administrator used the SD-WAN overlay template to prepare an IPsec tunnels configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the FortiManager installation preview for one FortiGate device.
Based on the exhibit, which statement best describes the configuration applied to the FortiGate device?
- A. It is a spoke device that establishes dynamic IPsec tunnels to the hub. The local subnet range is
10.10.128.0/23. - B. It is a hub device. It can send ADVPN shortcut offers.
- C. It is a hub device. It will automatically discover the spoke devices and add them to the SD-WAN topology.
- D. It is a spoke device that establishes dynamic IPsec tunnels to the hub It can send ADVPN shortcut requests.
Answer: B
NEW QUESTION # 49
Refer to the exhibit.
Refer to the exhibit.
You want to configure SD-WAN on a network as shown in the exhibit.
The network contains many FortiGate devices. Some are used as NGFW, and some are installed with extensions such as FortiSwitch. FortiAP. or Forti Ex tender.
What should you consider when planning your deployment?
- A. You must build multiple SD-WAN topologies. Each topology must contain only one type of extension.
- B. You can build an SD-WAN topology that includes all devices. The hubs must be devices without extensions.
- C. You can build an SD-WAN topology that includes all devices. The hubs can be FortiGate devices with Forti Extender.
- D. You must use FortiManager to manage your SD-WAN topology.
Answer: B
NEW QUESTION # 50
Refer to the exhibit, which shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured packet loss will make HUB1-VPN3 the new preferred member?
- A. When all three members have the same packet loss
- B. When HUB1-VPN1 has 4% packet loss
- C. When HUB1-VPN1 has 12% packet loss
- D. When HUB1-VPN3 has 4% packet loss
Answer: A
NEW QUESTION # 51
......
Dumps for Free FCSS_SDW_AR-7.4 Practice Exam Questions: https://troytec.itpassleader.com/Fortinet/FCSS_SDW_AR-7.4-dumps-pass-exam.html