NSE 8 – Network Security Expert (812) — Question 65
SD-WAN is configured on a FortiGate. You notice that when one of the internet links has high latency, the time to resolve names using DNS from the FortiGate is very high.
You must ensure that the FortiGate DNS resolution times are as low as possible with the least amount of work.
What should you configure?
Answer options
- A. Configure local out traffic to use the outgoing interface based on SD-WAN rules with a manually defined IP associated to a loopback interface and configure an SD-WAN rule from the loopback to the DNS server.
- B. Configure an SD-WAN rule to the DNS server and use the FortiGate interface IPs in the source address.
- C. Configure two DNS servers and use DNS servers recommended by the two internet providers.
- D. Configure local out traffic to use the outgoing interface based on SD-WAN rules with the interface IP and configure an SD-WAN rule to the DNS server.
Correct answer: D
Explanation
The correct answer is D because it routes the FortiGate's local outgoing traffic according to SD-WAN rules, so DNS queries leave through the most appropriate outgoing interface for optimal performance. Options A and B do not use the interface IP properly for managing local traffic, while option C does not address the need for efficient routing through SD-WAN rules.