Fortinet Exam FCSS_SASE_AD-23 Topic 2 Question 21 Discussion

Actual exam question for Fortinet's FCSS_SASE_AD-23 exam

Question #: 21
Topic #: 2

You are designing a new network for Company X and one of the new cybersecurity policy requirements is that all remote user endpoints must always be connected and protected Which FortiSASE component facilitates this always-on security measure?

Asite-based deployment

Bthin-branch SASE extension

Cunified FortiClient

Dinline-CASB

Show Suggested Answer

Suggested Answer: B, C

To resolve internal hostnames using internal DNS servers for remotely connected endpoints, the following two components must be configured on FortiSASE:

Split DNS Rules:

Split DNS allows the configuration of specific DNS queries to be directed to internal DNS servers instead of public DNS servers.

This ensures that internal hostnames are resolved using the organization's internal DNS infrastructure, maintaining privacy and accuracy for internal network resources.

Split Tunneling Destinations:

Split tunneling allows specific traffic (such as DNS queries for internal domains) to be routed through the VPN tunnel while other traffic is sent directly to the internet.

By configuring split tunneling destinations, you can ensure that DNS queries for internal hostnames are directed through the VPN to the internal DNS servers.

FortiOS 7.2 Administration Guide: Provides details on configuring split DNS and split tunneling for VPN clients.

FortiSASE 23.2 Documentation: Explains the implementation and configuration of split DNS and split tunneling for securely resolving internal hostnames.

by Teri at Mar 20, 2025, 11:16 AM

Limited Time Offer

25%

Off

Get Premium FCSS_SASE_AD-23 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lamonica

22 days ago

Hmm, I'm not sure about the SSL deep inspection part, but the split DNS rules and DNS filter make sense to me. Gotta love those internal DNS servers, am I right?

upvoted 0 times