Fortinet FCSS_SDW_AR-7.6的中合格問題集 & FCSS_SDW_AR-7.6認定資格試験FCSS_SDW_AR-7.6学習ガイドでは、いつでもどこでも学習できます。学習時間を保証できない場合は、FCSS_SDW_AR-7.6学習ガイドが最適です。随時学習し、学習に利用できるすべての時間を最大限に活用できるためです。オンライン版のFCSS_SDW_AR-7.6ラーニングガイドでは、デバイスの使用を制限していません。コンピューターを使用することも、携帯電話を使用することもできます。いつでも便利だと思うデバイスを選択できます。さらに、FCSS_SDW_AR-7.6試験に問題なく合格できます。 Fortinet FCSS - SD-WAN 7.6 Architect 認定 FCSS_SDW_AR-7.6 試験問題 (Q41-Q46):質問 # 41
Refer to the exhibits.
The exhibits show the SD-WAN zone configuration of an SD-WAN template prepared on FortiManager and the policy package configuration.
When the administrator tries to install the configuration changes, FortiManager fails to commit.
What should the administrator do to fix the issue?
A. Configure both HUB1-VPN1 and HUB1-VPN2 as the destination of policy 3
B. Configure a normalized interface for the IPsec tunnel HUB1-VPN1.
C. Configure branch1_fgt as the installation target for policy 3.
D. Configure HUB1 as the destination of policy 3.
正解:D
解説:
Policy 3 points traffic To = HUB1-VPN1, which is an SD-WAN member interface. In SD-WAN you must reference the SD-WAN zone (the logical interface) in policies, not its member tunnels. Change the policy's To interface to the zone HUB1, and the install will succeed.
質問 # 42
When a customer delegate the installation and management of its SD-WAN infrastructure to an MSSP, the MSSP usually keeps the hub within its infrastructure for ease of management and to share costly resources.
In which two situations will the MSSP install the hub in customer premises? (Choose two.)
A. The administrator expects a large volume of traffic between the branches.
B. The customer expects a large amount of VoIP traffic.
C. The majority of the branch traffic is directed to a corporate data center.
D. The customer requires SIA with centralized breakout.
正解:A、C
質問 # 43
When you use the command diagnose sys session list, how do you identify the sessions that correspond to traffic steered according to SD-WAN rules?
A. You identify sessions steered according to SD-WAN rules with the data sdwan_service_id.
B. You identify sessions steered according to SD-WAN rules with the data vwl_mbr_seq.
C. You cannot identify SD-WAN sessions. You must use the sdwar. session filter.
D. You identify sessions steered according to SD-WAN rules with the flag vwl.
正解:A
解説:
The sdwan_service_id field in the output of diagnose sys session list indicates that the session was selected based on an SD-WAN rule, allowing administrators to trace which SD-WAN service (rule) steered the traffic.
質問 # 44
Refer to the exhibit, which shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured packet loss will make HUB1-VPN3 the new preferred member?
A. When HUB1-VPN3 has 4% packet loss
B. When HUB1-VPN1 has 4% packet loss
C. When all three members have the same packet loss
D. When HUB1-VPN1 has 12% packet loss
正解:C
解説:
The rule is in mode: priority with priority-members 6 4 5. The members' seq_nums map to:
4 → HUB1-VPN1
5 → HUB1-VPN2
6 → HUB1-VPN3
When the link-cost-factor is packet-loss, the lowest loss wins; but if the losses are tied, selection falls back to the priority-members order. With all three showing the same packet loss, the tie- break picks seq_num 6 first - i.e., HUB1-VPN3 - making it the preferred member.
質問 # 45
Refer to the exhibits.
You use FortiManager to manage the branch devices and configure the SD-WAN template. You have configured direct internet access (DIA) for the IT department users. Now. you must configure secure internet access (SIA) for all local LAN users and have set the firewall policies as shown in the second exhibit.
Then, when you use the install wizard to install the configuration and the policy package on the branch devices, FortiManager reports an error as shown in the third exhibit.
Which statement describes why FortiManager could not install the configuration on the branches?
A. You cannot install firewall policies that reference an SD-WAN member.
B. You must direct SIA traffic to a VPN tunnel.
C. You cannot install firewall policies that reference an SD-WAN zone.
D. You cannot install SIA and DIA rules on the same device.
正解:A
解説:
FortiManager enforces a strict distinction:
"Firewall policies must reference SD-WAN zones, not individual SD-WAN members, when used in conjunction with SD-WAN templates. Attempting to install a policy that references a specific member (interface) will result in a deployment error, as member-level targeting is not supported in SD-WAN policy abstraction. This enforces centralized policy consistency and proper SD-WAN operation." Ensuring policies target zones allows FortiGate to dynamically select the optimal member.
