New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet NSE8_812 Exam - Topic 1 Question 23 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 23
Topic #: 1
[All NSE8_812 Questions]

SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency the time to resolve names using DNS from FortiGate is very high.

You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.

What should you configure?

Show Suggested Answer Hide Answer
Suggested Answer: C

To control multicast traffic passing through a FortiGate configured in transparent mode, you can use multicast policies. Multicast policies allow you to filter multicast traffic based on source and destination addresses, protocols, and interfaces. You can also apply security profiles to scan multicast traffic for threats and violations. References: https://docs.fortinet.com/document/fortigate/6.2.14/cookbook/968606/configuring-multicast-forwarding


by Evangelina at May 22, 2024, 01:25 AM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Judy
3 months ago
Option C could work, but I prefer sticking with one reliable DNS.
upvoted 0 times
...
Myrtie
3 months ago
I’m leaning towards option D, but not sure if it’s the most efficient.
upvoted 0 times
...
Glennis
3 months ago
Wait, why would we need two DNS servers? Seems unnecessary.
upvoted 0 times
...
Elenor
4 months ago
Totally agree, using the interface IPs makes sense!
upvoted 0 times
...
Glendora
4 months ago
I think option B is the best choice for low latency.
upvoted 0 times
...
Jackie
4 months ago
I’m a bit confused about the differences between options B and D. Both mention SD-WAN rules, but I can't recall which one is more effective for DNS performance.
upvoted 0 times
...
Lezlie
4 months ago
I practiced a similar question where we had to optimize DNS queries, and I feel like option D might be the right choice since it mentions using the interface IP.
upvoted 0 times
...
Annelle
4 months ago
I think option C sounds familiar; using multiple DNS servers could help, but I wonder if it’s the simplest solution.
upvoted 0 times
...
Mitsue
5 months ago
I remember something about configuring SD-WAN rules, but I'm not sure if using a loopback interface is necessary for DNS resolution.
upvoted 0 times
...
Cecil
5 months ago
This seems straightforward to me. Option A looks like it would give me the most control over the DNS traffic and allow me to optimize the routing, so that's the one I'll go with.
upvoted 0 times
...
Gretchen
5 months ago
I'm not totally sure about this one. I think I'll try to eliminate the options that don't seem directly relevant to the DNS resolution issue, then focus on the remaining choices.
upvoted 0 times
...
Geoffrey
5 months ago
Hmm, I'm a bit confused on the best approach here. I'll need to carefully read through the options and think about how each one might impact the DNS resolution time.
upvoted 0 times
...
Leeann
5 months ago
This seems like a tricky one, but I think I have a good strategy. I'll focus on trying to minimize the DNS resolution time, since that's the key issue they're asking about.
upvoted 0 times
...
Veronika
5 months ago
Okay, I've got this. The key is to configure the SD-WAN rules to direct the DNS traffic to the best available link. Option D looks like the way to go.
upvoted 0 times
...
Shannon
5 months ago
I'm a bit unsure about the package-based deployments and scratch orgs approach. I'm not as familiar with that, so I'd want to research it more before selecting that.
upvoted 0 times
...
Arminda
5 months ago
Okay, I think I've got this. The `noshowpoint` manipulator only affects the output of the first float variable, so the output should be "10 10.123". The answer is D.
upvoted 0 times
...
Loreta
5 months ago
Okay, let's think this through. We want a secure tunneling protocol for the Site-to-Site VPN, so I'm leaning towards either IKEv2 or IPSec/L2TP. I'll review the pros and cons of each before making a decision.
upvoted 0 times
...
Daren
5 months ago
Okay, let me see. In an OSPF broadcast network, the Dothter router exchanges link state information with the DR Other routers, right? I'm pretty confident that's the right answer.
upvoted 0 times
...
Sabina
9 months ago
Ah, the joys of SD-WAN and DNS. Reminds me of the time I tried to set up a DNS server on a potato. Didn't end well, let me tell you.
upvoted 0 times
...
Ozell
9 months ago
Option A is really going the extra mile. Configuring a loopback interface just for DNS? That's some next-level stuff right there.
upvoted 0 times
...
Gladys
9 months ago
Haha, I bet the guy who wrote this question is a total DNS geek. Option B looks good to me, keep it simple!
upvoted 0 times
Stephaine
8 months ago
Definitely, let's go with Option B for the FortiGate DNS resolution.
upvoted 0 times
...
Laurel
8 months ago
I think Option B is the way to go for this scenario.
upvoted 0 times
...
Nan
8 months ago
Yeah, keeping it simple is always the best approach.
upvoted 0 times
...
Daniela
8 months ago
I agree, Option B seems like the simplest solution.
upvoted 0 times
...
...
Winfred
10 months ago
I'm leaning towards Option C. Using the DNS servers recommended by the providers might be a more robust solution.
upvoted 0 times
Mariann
8 months ago
User3: I'm not sure, but Option B also seems like a valid option. Using the FortiGate interface IPs in the source address could be beneficial.
upvoted 0 times
...
Jimmie
8 months ago
User2: I agree with User1. Option A sounds like it would help improve the FortiGate DNS resolution times.
upvoted 0 times
...
Carry
9 months ago
User1: I think Option A might be the best choice. Configuring local out traffic to use the outgoing interface based on SD-WAN rules seems like a good idea.
upvoted 0 times
...
...
Alfred
10 months ago
Option D seems like the way to go. Directly configuring the SD-WAN rule to the DNS server should help minimize the latency.
upvoted 0 times
Janine
8 months ago
C) I agree, it seems like the most efficient way to optimize DNS resolution on the FortiGate.
upvoted 0 times
...
Arlen
9 months ago
A) Yes, it should prioritize the traffic to the DNS server and reduce latency.
upvoted 0 times
...
Tamra
9 months ago
B) That sounds like a good solution. It should help improve the DNS resolution times.
upvoted 0 times
...
Hector
9 months ago
A) Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server.
upvoted 0 times
...
...
Marsha
10 months ago
Hmm, that's a valid point. Maybe we should consider both options and see which one works best in our specific scenario.
upvoted 0 times
...
Chun
11 months ago
I disagree, I believe option D is the better choice. It simplifies the configuration and still achieves the desired outcome.
upvoted 0 times
...
Marsha
11 months ago
I think we should go with option A. It seems like the most efficient way to ensure low DNS resolution times.
upvoted 0 times
...

Save Cancel