Refer to the exhibits.
Exhibit A
Exhibit B
Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.
Based on the exhibits, which two statements are correct? (Choose two.)
Correct Answer:
AC
Which statement about SD-WAN zones is true?
Correct Answer:
D
SD-WAN zones are a group of interfaces that share the same SD-WAN settings, such as health check, SLA, and load balancing. Some characteristics of SD-WAN zones are:
✑ An SD-WAN zone can contain different types of interfaces, such as physical, VLAN, aggregate, and tunnel interfaces1.
✑ An SD-WAN zone can contain up to 512 members1.
✑ You can use an SD-WAN zone in static route definitions, as long as the destination interface is also an SD-WAN zone1.
✑ You can configure up to 32 SD-WAN zones per VDOM1.
Exhibit.
The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?
Correct Answer:
B
VPN event logs record the status of VPN tunnels, such as the establishment, termination, or failure of a tunnel. The output includes the following information:
✑ logid: the log ID number
✑ type: the log type, either traffic or event
✑ subtype: the log subtype, either vpn or ipsec
✑ level: the log level, either error, warning, or notice
✑ vd: the virtual domain name
✑ logdesc: the log description
✑ msg: the log message
✑ action: the log action, such as tunnel-up, tunnel-down, or tunnel-stats
✑ remip: the remote IP address
✑ locip: the local IP address
✑ remport: the remote port number
✑ locport: the local port number
✑ outintf: the outgoing interface name
✑ cookies: the IKE SA cookies
✑ user: the user name
✑ group: the user group name
✑ useralt: the alternative user name
✑ xauthuser: the XAuth user name
✑ authgroup: the XAuth user group name
✑ assignip: the assigned IP address
✑ vpntunnel: the VPN tunnel name
✑ tunnellip: the tunnel loopback IP address
✑ tunnelid: the tunnel ID number
✑ tunneltype: the tunnel type, either ipsec or ssl
✑ duration: the tunnel duration in seconds
✑ sentbyte: the number of bytes sent
✑ rcvdbyte: the number of bytes received
✑ nextstat: the next statistics interval in seconds
✑ advpnsc: the ADVPN shortcut flag, either 0 or 1 Based on the exhibit, the following statement is true:
✑ There is one shortcut tunnel built from master tunnel T_MPLS_0. This means that the VPN tunnel T_MPLS_0 is a master tunnel that can send ADVPN shortcut offers to other spokes, and the VPN tunnel T_MPLS_0_0 is a shortcut tunnel that is built from the master tunnel T_MPLS_01. In the exhibit, the log action for T_MPLS_0 is tunnel-up, and the log action for T_MPLS_0_0 is shortcut-up. The advpnsc flag for T_MPLS_0 is 0, indicating that it is not a shortcut tunnel, while the advpnsc flag for T_MPLS_0_0 is 1, indicating that it is a shortcut tunnel.
Refer to the exhibit.
Which statement explains the output shown in the exhibit?
Correct Answer:
D
The snat-route-change option is enabled by default. This option enables FortiGate to re- evaluate the routing table and select a new egress interface if the next hop IP address changes. This option only applies to sessions in the dirty state. Sessions in the log state are not affected by routing changes.
What are two benefits of using forward error correction (FEC) in IPsec VPNs? (Choose two.)
Correct Answer:
BC
