An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings. What is true about the DNS connection to a FortiGuard server?
When using FortiGuard servers for DNS, FortiOS uses DNS over TLS by default to secure the DNS traffic. Answer D is correct.
FortiGate_Security_7.2_Study_Guide page 15
D. It uses DNS over TLS.
FortiGate Security 7.2 Study Guide (p.15):
"When using FortiGuard servers for DNS, FortiOS uses DNS over TLS (DoT) by default to secure the DNS traffic."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
FortiGate Security 7.2 Study Guide P.15
When using FortiGuard servers for DNS, FortiOS uses DNS over TLS (DoT) by default to secure the DNS traffic. New FortiGuard DNS servers have been added as primary and secondary servers.
When using FortiGuard servers for DNS, FortiOS defaults to using DNS over TLS (DoT) to secure the DNS traffic. So answer D is correct. It will be using not UDP port 53 but port 853.
B is correct
According to FortiOS 7.2.0 Administration Guide:
The following DNS protocols can be enabled:
- cleartext: Enable clear text DNS over port 53 (default).
- dot: Enable DNS over TLS.
- doh: Enable DNS over HTTPS.
I didn't find this reference in the Admin Guide, but in the FortiGate Security 7.2 Study Guide P.15
When using FortiGuard servers for DNS, FortiOS uses DNS over TLS (DoT) by default to secure the DNS traffic. New FortiGuard DNS servers have been added as primary and secondary servers.
I've tested in a lab and the result was the same as in the Study Guide.
Correction: D is the right answer. 'When using FortiGuard servers for DNS, FortiOS defaults to using DNS over TLS (DoT) to secure the DNS traffic. New FortiGuard DNS servers are added as primary and secondary servers.'
I’m going with answer D if this exam is focused on FortiOS 7.2.3 and lower. From 7.2.4 the default setting is set to DNS (UDP/53) and TLS (TCP/853) is optional.
For DNS servers, select Use FortiGuard Servers. The Primary DNS server is 96.45.45.45, and the Secondary DNS server is 96.45.46.46. DNS Protocols is set to TLS and cannot be modified.
B CORRECT.
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/92199/use-dns-over-tls-for-default-fortiguard-dns-servers-7-0-4
Because the DNS servers probably do not support low-encryption DES, low-encryption devices do not have the option to select DoT or DoH. Instead, the devices default to cleartext (UDP/53).