Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam FCSS_SASE_AD-23 Topic 2 Question 7 Discussion

Actual exam question for Fortinet's FCSS_SASE_AD-23 exam
Question #: 7
Topic #: 2
[All FCSS_SASE_AD-23 Questions]

An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints. Which two components must be configured on FortiSASE to achieve this? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, C

To resolve internal hostnames using internal DNS servers for remotely connected endpoints, the following two components must be configured on FortiSASE:

Split DNS Rules:

Split DNS allows the configuration of specific DNS queries to be directed to internal DNS servers instead of public DNS servers.

This ensures that internal hostnames are resolved using the organization's internal DNS infrastructure, maintaining privacy and accuracy for internal network resources.

Split Tunneling Destinations:

Split tunneling allows specific traffic (such as DNS queries for internal domains) to be routed through the VPN tunnel while other traffic is sent directly to the internet.

By configuring split tunneling destinations, you can ensure that DNS queries for internal hostnames are directed through the VPN to the internal DNS servers.


FortiOS 7.2 Administration Guide: Provides details on configuring split DNS and split tunneling for VPN clients.

FortiSASE 23.2 Documentation: Explains the implementation and configuration of split DNS and split tunneling for securely resolving internal hostnames.

Contribute your Thoughts:

Gregoria
4 months ago
I'm surprised they didn't include 'unicorn tears' as an answer. But B and D are the real deal here.
upvoted 0 times
Kristel
3 months ago
D) DNS filter
upvoted 0 times
...
Jacklyn
3 months ago
B) Split DNS rules
upvoted 0 times
...
...
Mary
4 months ago
Haha, the options are like a game of 'which one of these things is not like the other?' B and D are the way to go, folks.
upvoted 0 times
...
Fernanda
4 months ago
SSL deep inspection? Really? That's for inspecting HTTPS traffic, not for resolving internal hostnames. Gotta go with B and D.
upvoted 0 times
Stephen
3 months ago
Exactly, SSL deep inspection is not for resolving internal hostnames.
upvoted 0 times
...
Detra
3 months ago
D) DNS filter
upvoted 0 times
...
Royce
4 months ago
B) Split DNS rules
upvoted 0 times
...
...
Cheryl
5 months ago
Hold up, split tunneling destinations? What is this, a trick question? Clearly, it's B and D all the way.
upvoted 0 times
Luther
3 months ago
Agreed, those two components will help resolve internal hostnames using internal DNS servers.
upvoted 0 times
...
Ardella
3 months ago
Yeah, split DNS rules and DNS filter are the way to go.
upvoted 0 times
...
Rosina
3 months ago
I think it's B and D for sure.
upvoted 0 times
...
Gearldine
3 months ago
Yeah, split DNS rules and DNS filter are essential components for configuring FortiSASE to achieve that.
upvoted 0 times
...
Gearldine
3 months ago
I think you're right, it's definitely B and D for resolving internal hostnames using internal DNS servers.
upvoted 0 times
...
...
Christene
5 months ago
I also think the answer is B) Split DNS rules. It makes sense to configure this on FortiSASE for internal hostname resolution.
upvoted 0 times
...
Carmela
5 months ago
Split DNS rules and DNS filter, that's a no-brainer. Can't believe they're even asking this on the exam!
upvoted 0 times
Dana
4 months ago
Yeah, it's pretty straightforward. Just make sure those are configured correctly on FortiSASE.
upvoted 0 times
...
Denny
5 months ago
Split DNS rules and DNS filter are essential for resolving internal hostnames using internal DNS servers.
upvoted 0 times
...
...
Hassie
5 months ago
I agree with Antonette. Split DNS rules would allow the organization to resolve internal hostnames using internal DNS servers.
upvoted 0 times
...
Antonette
5 months ago
I think the answer is B) Split DNS rules.
upvoted 0 times
...

Save Cancel