
searching1


  1. Thanks @R2013, are you planning to take the exam as well? Can you share what learning materials can be used to practice versa?
  2. Something related with the overlay/underlay.
  3. @ChunLi Thanks for sharing. Thank you to everyone who has participated in this discussion. I passed the exam. Good luck to all.
  4. Is this the correct answer? [Hidden Content]

     To check interface logs from the past 15 minutes:
     FGT (root) # diagnose sys virtual-wan-link intf-sla-log R150 or C?

     To check SLA logs in the past 10 minutes:
     FGT (root) # diagnose sys sdwan sla-log ping 1

     haha kinda confusing to me. 15min vs 10min & int logs vs sla logs

     QUESTION 5
     Which diagnostic command you can use to show interface-specific SLA logs for the last 10 minutes?
     A. diagnose sys virtual-wan-link health-check
     B. diagnose sys virtual-wan-link log
     C. diagnose sys virtual-wan-link sla-log
     D. diagnose sys virtual-wan-link intf-sla-log
     Correct Answer: C
  5. What is the correct answer here?

     Refer to the exhibit. Related to "diagnose sys session list" result.
     Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?
     A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.
     B. Changes have been made on firewall policy ID 1 on FortiGate.
     C. Firewall policy ID 1 has source NAT disabled.
     D. FortiGate has terminated the session after a change on policy ID 1.
     Correct Answer: B

     - Looking at the protocol, it is an ICMP (protocol 1), so it is not UDP nor TCP.
     - State shows... "state=dirty may_dirty"

     If the traffic is allowed by a firewall policy, the unit creates a session and flags it as 'may_dirty'. After that, if there is a change on the firewall policies or any other condition that will trigger the state change, all the existing sessions with the 'may_dirty' flag will be flagged as dirty. This indicates to the FortiGate that it needs to reevaluate the next session packet. If the session is still allowed/valid and matches the expected firewall policy to be allowed, the dirty flag is removed and the 'may_dirty' flag is kept.

     Below are the conditions that will trigger a session to be marked as 'dirty':
     1) Any changes on any firewall policy. <-----
     2) Routing changes.
     3) Any network related config changes.
  6. We can refer to the old dumps for 10% of the q&a, but be careful to double-check so we need to review and go by the book. All, if someone has recently passed the exam utilizing the provided dump, kindly update the results here.
  7. Please confirm..

     An administrator is troubleshooting VoIP quality issues that occur when calling external phone numbers. The SD-WAN interface on the edge FortiGate is configured with the default settings, and is using two upstream links. One link has random jitter and latency issues and is based on a wireless connection.
     Which two actions must the administrator apply simultaneously on the edge FortiGate to improve VoIP quality using SD-WAN rules?
     A. Place the troublesome link at the top of the interface preference list.
     B. Use the performance SLA targets to detect latency and jitter instantly.
     C. Configure an SD-WAN rule to load balance all traffic without VoIP
     D. Select the corresponding SD-WAN balancing strategy in the SD-WAN rule
     E. Choose the suitable interface based on the interface cost and weight

     My Answer: B E
     Most of the dumps say B and D, but I think B and E are the best option since if we're having troubles with VoIP on one of the links, adjusting the cost or interface preference would be the simplest solution, right?
  8. Which two statements describe how IPsec phase 1 main mode is different from aggressive mode when performing IKE negotiation? (Choose two)
     A. The use of Diffie Hellman keys is limited by the responder and needs initiator acceptance.
     B. A peer ID is included in the first packet from the initiator, along with suggested security policies.
     C. A total of six packets are exchanged between an initiator and a responder instead of three packets.
     D. XAuth is enabled as an additional level of authentication, which requires a username and password.

     Provided answer: C & D - for me the right answer should be A & C.
     A - because part of main mode is the exchange of keys on both initiator and responder?
  9. Additional Q. Please confirm... Here, looks like the correct answer is CD

     In the default SD-WAN minimum configuration, which two statements are correct when traffic matches the default implicit SD-WAN rule? (Choose two)
     A. The FIB lookup resolved interface was the SD-WAN member interface
     B. Matched traffic failed RPF and was caught by the rule.
     C. Traffic has matched none of the FortiGate policy routes
     D. An absolute SD-WAN rule was defined and matched traffic

     My answer:
     C - what happens if none of the SD-WAN rules can forward the traffic?.. If no routing rules are defined, the default implicit rule is used.
     D. SD-WAN routing logic
     SD-WAN rules are matched only if the best route to the destination points to SD-WAN. SD-WAN member is selected only if it has a route to the destination.
     A & B are incorrect since the SD-WAN rule balances traffic based on how you configured SD-WAN load balancing. Did not find anything related to FIB and RPF.