Which two statements about SLA targets and SD-WAN rules are true? (Choose two.)

1. A. When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.
2. B. SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.
3. C. SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.
4. D. Member metrics are measured only if an SLA target is configured.

Correct Answer: BD

Exhibit.

The exhibit shows VPN event logs on FortiGate. In the output shown in the exhibit, which statement is true?

1. A. There are no IPsec tunnel statistics log messages for ADVPN cuts.
2. B. There is one shortcut tunnel built from master tunnel T_MPLS_0.
3. C. The VPN tunnel T_MPLS_0 is a shortcut tunnel.
4. D. The master tunnel T_INET_0 cannot accept the ADVPN shortcut.

Correct Answer: B
VPN event logs record the status of VPN tunnels, such as the establishment, termination, or failure of a tunnel. The output includes the following information:
✑ logid: the log ID number
✑ type: the log type, either traffic or event
✑ subtype: the log subtype, either vpn or ipsec
✑ level: the log level, either error, warning, or notice
✑ vd: the virtual domain name
✑ logdesc: the log description
✑ msg: the log message
✑ action: the log action, such as tunnel-up, tunnel-down, or tunnel-stats
✑ remip: the remote IP address
✑ locip: the local IP address
✑ remport: the remote port number
✑ locport: the local port number
✑ outintf: the outgoing interface name
✑ cookies: the IKE SA cookies
✑ user: the user name
✑ group: the user group name
✑ useralt: the alternative user name
✑ xauthuser: the XAuth user name
✑ authgroup: the XAuth user group name
✑ assignip: the assigned IP address
✑ vpntunnel: the VPN tunnel name
✑ tunnellip: the tunnel loopback IP address
✑ tunnelid: the tunnel ID number
✑ tunneltype: the tunnel type, either ipsec or ssl
✑ duration: the tunnel duration in seconds
✑ sentbyte: the number of bytes sent
✑ rcvdbyte: the number of bytes received
✑ nextstat: the next statistics interval in seconds
✑ advpnsc: the ADVPN shortcut flag, either 0 or 1 Based on the exhibit, the following statement is true:
✑ There is one shortcut tunnel built from master tunnel T_MPLS_0. This means that the VPN tunnel T_MPLS_0 is a master tunnel that can send ADVPN shortcut offers to other spokes, and the VPN tunnel T_MPLS_0_0 is a shortcut tunnel that is built from the master tunnel T_MPLS_01. In the exhibit, the log action for T_MPLS_0 is tunnel-up, and the log action for T_MPLS_0_0 is shortcut-up. The advpnsc flag for T_MPLS_0 is 0, indicating that it is not a shortcut tunnel, while the advpnsc flag for T_MPLS_0_0 is 1, indicating that it is a shortcut tunnel.

Refer to the exhibits.
Exhibit A

Exhibit B

Exhibit A shows the SD-WAN performance SLA configuration, the SD-WAN rule configuration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status.
Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.)

1. A. The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member.
2. B. FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic.
3. C. FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.
4. D. Non-TCP Facebook and YouTube traffic are not used for performance measurement.

Correct Answer: AD
Study Guide 7.2, pages 103 - 104. Another comment said "because without using application Control on the firewall policy, SDWAN can't work" but there is a app control "default" defined on config.

Refer to the exhibit.

Which are two expected behaviors of the traffic that matches the traffic shaper? (Choose two.)

1. A. The number of simultaneous connections among all source IP addresses cannot exceed five connections.
2. B. The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec.
3. C. The number of simultaneous connections allowed for each source IP address cannot exceed five connections.
4. D. The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec.

Correct Answer: CD

What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two.)

1. A. It ensures consistent settings between phase1 and phase2.
2. B. It guides the administrator to use Fortinet recommended settings.
3. C. It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM.
4. D. The VPN monitor tool provides additional statistics for tunnels defined with an IPsec recommended template.

Correct Answer: AB
The use of an IPsec recommended template offers the advantage of ensuring consistent settings between phase1 and phase2 (A), which is essential for the stability and security of the IPsec tunnel. Additionally, it guides the administrator to use Fortinet's recommended settings (B), which are designed to optimize performance and security based on Fortinet's best practices. References: The benefits of using IPsec recommended templates are outlined in Fortinet's SD-WAN documentation, which emphasizes the importance of consistency and adherence to recommended configurations.