ExamGecko
Fortinet NSE7_OTS-7.2 Practice Test - Questions Answers, Page 4

Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

A. FortiGate for SD-WAN
B. FortiGate for application control and IPS
C. FortiNAC for network access control
D. FortiSIEM for security incident and event management
E. FortiEDR for endpoint detection

Suggested answer: B, C, E

What can be assigned using network access control policies?

A. Layer 3 polling intervals
B. FortiNAC device polling methods
C. Logical networks
D. Profiling rules

Suggested answer: C

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

A. It uses OSI Layer 2 and the primary device sends data based on request from secondary device.
B. It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.
C. It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.
D. It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

Suggested answer: D

Refer to the exhibit.

An OT architect has implemented Modbus TCP with a Conpot simulation server to identify and control the Modbus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.

Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

A. The FortiGate-Edge device must be in NAT mode.
B. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
C. The FortiGate device is in offline IDS mode.
D. Port5 is not a member of the software switch.

Suggested answer: A, B

An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.

How can the OT network architect achieve this goal?

A. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.
B. Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
C. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.
D. Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.

Suggested answer: C

Explanation:

This way, FortiSIEM can discover and monitor everything attached to the remote network and provide security visibility to the corporate network.

Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.

What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

A. Set a unique forward domain for each interface of the software switch.
B. Create a VLAN for each device and replace the current FGT-2 software switch members.
C. Enable explicit intra-switch policy to require firewall policies on FGT-2.
D. Implement policy routes on FGT-2 to control traffic between devices.

Suggested answer: A, B

As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.

Which security sensor must you implement to detect these types of industrial exploits?

A. Intrusion prevention system (IPS)
B. Deep packet inspection (DPI)
C. Antivirus inspection
D. Application control

Suggested answer: D

Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

A. Set all application categories to apply default actions.
B. Change the security action of the industrial category to monitor.
C. Set the priority of the C.BO.NA.1 signature override to 1.
D. Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Suggested answer: D

Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide [1], the application sensor settings allow you to configure the security action for each application category and network protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

[1] NSE 7 Network Security Architect - Fortinet

Refer to the exhibits.

Which statement is true about the traffic passing through to PLC-2?

A. IPS must be enabled to inspect application signatures.
B. The application filter overrides the default action of some IEC 104 signatures.
C. IEC 104 signatures are all allowed except the C.BO.NA 1 signature.
D. SSL Inspection must be set to deep-inspection to correctly apply application control.

Suggested answer: B

Refer to the exhibit.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

A. The first condition on the SubPattern filter must use the OR logical operator.
B. The attributes in the Group By section must match the ones in the Filters section.
C. The Aggregate attribute COUNT expression is incompatible with the filters.
D. The SubPattern is missing the filter to match the Modbus protocol.

Suggested answer: B
Total 62 questions