NSE 8 – Network Security Expert (812) — Question 71
A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.
Which two statements are true regarding the requirements? (Choose two.)
Answer options
- A. FortiGate can perform SSH access proxy host-key validation.
- B. You need to configure a FortiClient SSL-VPN tunnel to inspect the SSH traffic.
- C. SSH traffic is tunneled between the client and the access proxy over HTTPS.
- D. Traffic is discarded as ZTNA does not support SSH connection rules.
Correct answer: A, C
Explanation
A and C are correct: FortiGate can perform SSH access proxy host-key validation, and the SSH traffic is tunneled between the client and the access proxy over HTTPS for security. Option B is incorrect because an SSL-VPN tunnel is not necessary for SSH traffic inspection with ZTNA. Option D is incorrect because ZTNA supports SSH connection rules, which allows the traffic to be inspected.