Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE8_812 Topic 3 Question 33 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 33
Topic #: 3
[All NSE8_812 Questions]

A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.

Which two statements are true regarding the requirements? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: A, C

ZTNA supports SSH connection rules that allow remote workers to access SSH servers inside the network through an HTTPS tunnel between the client and the access proxy (FortiGate). The access proxy acts as an SSH client to connect to the real SSH server on behalf of the user, and performs host-key validation to verify the identity of the server. The user can use any SSH client that supports HTTPS proxy settings, such as PuTTY or OpenSSH. References: https://docs.fortinet.com/document/fortigate/7.0.0/ztna-deployment/899992/configuring-ztna-rules-to-control-access


by Allene at Sep 14, 2024, 02:31 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Shantay
4 months ago
Haha, option D is like saying ZTNA can't even handle SSH traffic. That's a good one!
upvoted 0 times
Gearldine
3 months ago
Lenora: Definitely. We can use FortiGate for SSH access proxy host-key validation.
upvoted 0 times
...
Lenora
4 months ago
User 2: I agree. We just need to make sure we follow the security requirements for inspecting the traffic.
upvoted 0 times
...
Dean
4 months ago
Yeah, option D is pretty funny. ZTNA should be able to handle SSH traffic.
upvoted 0 times
...
...
Aracelis
4 months ago
D is definitely wrong, ZTNA should support SSH connection rules. I'd go with A and C as the true statements.
upvoted 0 times
Glennis
4 months ago
Let's make sure to follow the security requirements and configure the FortiClient properly for inspecting the SSH traffic.
upvoted 0 times
...
Antonio
4 months ago
I think A and C are the true statements. FortiGate can perform SSH access proxy host-key validation and SSH traffic is tunneled over HTTPS.
upvoted 0 times
...
Jules
4 months ago
I agree, D is definitely wrong. ZTNA should support SSH connection rules.
upvoted 0 times
...
...
Ailene
5 months ago
I think A and C are the correct answers. The FortiGate can validate the SSH host-key and the traffic is tunneled over HTTPS, which aligns with ZTNA security requirements.
upvoted 0 times
...
Matthew
5 months ago
I'm not sure about option B. Do we really need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic?
upvoted 0 times
...
Mireya
5 months ago
Option C makes the most sense to me. ZTNA should support tunneling the SSH traffic over HTTPS for secure access.
upvoted 0 times
Rima
3 months ago
Configuring a FortiClient SSL-VPN tunnel is not necessary for inspecting SSH traffic with ZTNA.
upvoted 0 times
...
Lynelle
3 months ago
FortiGate can also perform SSH access proxy host-key validation, which adds an extra layer of security.
upvoted 0 times
...
Natalya
3 months ago
I agree, tunneling SSH traffic over HTTPS is a secure way to access the network remotely.
upvoted 0 times
...
Tamekia
3 months ago
Option C is correct. SSH traffic is tunneled over HTTPS for secure access.
upvoted 0 times
...
Margot
4 months ago
Yes, it's important to follow security requirements when granting access to an SSH server.
upvoted 0 times
...
Vince
4 months ago
I agree, tunneling SSH traffic over HTTPS adds an extra layer of security.
upvoted 0 times
...
Stevie
4 months ago
Option C makes the most sense to me. ZTNA should support tunneling the SSH traffic over HTTPS for secure access.
upvoted 0 times
...
...
Barney
5 months ago
I agree with Ozell. Option C is also true because SSH traffic is tunneled between the client and the access proxy over HTTPS.
upvoted 0 times
...
Ozell
5 months ago
I think option A is true because FortiGate can perform SSH access proxy host-key validation.
upvoted 0 times
...

Save Cancel