Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
When using fortiguard servers for DNS? FortiOS uses DNS over TLS by default to secure the DNS traffic. Answer D is correct.
FortiGate_Security_7.2_Study_Guide page 15
D. It uses DNS over TLS.
FortiGate Security 7.2 Study Guide (p.15):
"When using FortiGuard servers for DNS, FortiOS uses DNS over TLS (DoT) by default to secure the DNS traffic."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
FortiGate Security 7.2 Study Guide P.15
When using FortiGuard servers for DNS, FortiOS uses DNS over TLS (DoT) by default to secure the DNS traffic. New FortiGuard DNS servers have been added as primary and secondary servers.
When using FortiGuard servers for DNS, FortiOS defaults to using DNS over TLS (DoT) to secure the DNS traffic. So answer D is correct. It will be using not UDP port 53 but port 853.
B is correct
According to FortiOS 7.2.0 Administration Guide:
The following DNS protocols can be enabled:
- cleartext: Enable clear text DNS over port 53 (default).
- dot: Enable DNS over TLS.
- doh: Enable DNS over HTTPS.
Correction: D is the right answer. 'When using FortiGuard servers for DNS, FortiOS defaults to using DNS over TLS (DoT) to secure the DNS traffic. New FortiGuard DNS servers are added as primary and secondary servers.'
I didn't find this reference on Admin Guide, but on FortiGate Security 7.2 Study Guide P.15
When using FortiGuard servers for DNS, FortiOS uses DNS over TLS (DoT) by default to secure the DNS traffic. New FortiGuard DNS servers have been added as primary and secondary servers.
I've tested on lab and the result was the same of the Study Guide.
I’m going with answer D if this exam is focused on FortiOS 7.2.3 and lower. From 7.2.4 the default setting is set to DNS (UDP/53) and TLS (TCP/853) is optional.
For DNS servers, select Use FortiGuard Servers. The Primary DNS server is 96.45.45.45, and the Secondary DNS server is 96.45.46.46. DNS Protocols is set to TLS and cannot be modified.
B CORRECT.
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/92199/use-dns-over-tls-for-default-fortiguard-dns-servers-7-0-4
Debido a que los servidores DNS probablemente no admiten DES de bajo cifrado, los dispositivos de bajo cifrado no tienen la opción de seleccionar DoT o DoH. En su lugar, los dispositivos utilizan de forma predeterminada texto no cifrado (UDP/53).
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Eggrolls
Highly Voted 10 months agoSenox999
Highly Voted 11 months, 1 week agomillerry
Most Recent 3 months, 1 week agoGeniusA
3 months, 4 weeks agoJumpy007
7 months agoraydel92
7 months, 1 week agorian00z_
8 months agobgod
8 months, 2 weeks agoRabbitB
10 months agoRabbitB
10 months agoRabbitB
10 months agoEmmaW
11 months, 3 weeks agoDalik
11 months, 3 weeks agoDalik
11 months, 3 weeks agorian00z_
8 months agoEquiano
1 year agoGCISystemIntegrator
1 year, 1 month agoPoseidon458
1 year, 2 months agoefot
1 year, 3 months agolelacool
1 year, 3 months agoSpyder_Byte
1 year, 3 months ago