Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam FCSS_SASE_AD-23 Topic 2 Question 19 Discussion

Actual exam question for Fortinet's FCSS_SASE_AD-23 exam
Question #: 19
Topic #: 2
[All FCSS_SASE_AD-23 Questions]

What are two advantages of using zero-trust tags? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

To resolve internal hostnames using internal DNS servers for remotely connected endpoints, the following two components must be configured on FortiSASE:

Split DNS Rules:

Split DNS allows the configuration of specific DNS queries to be directed to internal DNS servers instead of public DNS servers.

This ensures that internal hostnames are resolved using the organization's internal DNS infrastructure, maintaining privacy and accuracy for internal network resources.

Split Tunneling Destinations:

Split tunneling allows specific traffic (such as DNS queries for internal domains) to be routed through the VPN tunnel while other traffic is sent directly to the internet.

By configuring split tunneling destinations, you can ensure that DNS queries for internal hostnames are directed through the VPN to the internal DNS servers.


FortiOS 7.2 Administration Guide: Provides details on configuring split DNS and split tunneling for VPN clients.

FortiSASE 23.2 Documentation: Explains the implementation and configuration of split DNS and split tunneling for securely resolving internal hostnames.

by Freida at Feb 12, 2025, 06:57 PM

Limited Time Offer

25%

Off

Get Premium FCSS_SASE_AD-23 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Aleta
1 months ago
B and D, easy. Though I'm wondering if the exam writer is trying to trick us with that SSL deep inspection option. Seems a bit too obvious to be the right answer.
upvoted 0 times
...
Krissy
1 months ago
Hmm, I'd go with B and C. Split DNS rules and split tunneling destinations. Gotta keep that internal traffic nice and private, you know?
upvoted 0 times
Miles
20 days ago
User 1: I agree, split DNS rules and split tunneling destinations are the way to go.
upvoted 0 times
...
...
Lashandra
1 months ago
Definitely B and D. Split tunneling and SSL deep inspection don't seem relevant to this scenario.
upvoted 0 times
Tanja
24 days ago
Split DNS rules and DNS filter are essential for this configuration.
upvoted 0 times
...
Blondell
25 days ago
I agree, B and D are the correct choices for resolving internal hostnames.
upvoted 0 times
...
...
Cornell
2 months ago
I'm not sure about DNS filter, but Split DNS rules definitely make sense for this scenario.
upvoted 0 times
...
Simona
2 months ago
I agree with Xochitl. Split DNS rules will help resolve internal hostnames using internal DNS servers.
upvoted 0 times
...
Leanna
2 months ago
Wait, so we're supposed to configure FortiSASE to handle internal DNS queries? That's like using a Ferrari to take the kids to soccer practice.
upvoted 0 times
Candida
1 months ago
B) Split DNS rules
upvoted 0 times
...
Dominga
1 months ago
A) SSL deep inspection
upvoted 0 times
...
...
Xochitl
2 months ago
I think the answer is B) Split DNS rules and D) DNS filter.
upvoted 0 times
...
Junita
2 months ago
I think the answer is B and D. Split DNS rules to route internal hostname queries to the internal DNS server, and DNS filter to enforce the use of the internal DNS server.
upvoted 0 times
Elly
1 months ago
I agree, Split DNS rules will route internal hostname queries to the internal DNS server.
upvoted 0 times
...
...

Save Cancel