
NSE7_OTS-7.2

Test title: NSE7_OTS-7.2

Description: NSE7_OTS-7.2

Creation date: 2024/07/30

Category: Computing

Number of questions: 62

Contents:

An administrator needs to implement proper protection on the OT network. Which three steps should an administrator take to protect the OT network? (Choose three.)
- Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.
- Deploy a FortiGate device within each ICS network.
- Configure firewall policies with web filter to protect the different ICS networks.
- Configure firewall policies with industrial protocol sensors.
- Use segmentation.

An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted for credentials during authentication. What is a possible reason?
- FortiGate determined the user by passive authentication.
- The user was determined by Security Fabric.
- Two-factor authentication is not configured with RADIUS authentication method.
- FortiNAC determined the user by DHCP fingerprint method.

Given the configurations on the FortiGate, which statement is true?
- FortiGate is configured with forward-domains to reduce unnecessary traffic.
- FortiGate is configured with forward-domains to forward only domain controller traffic.
- FortiGate is configured with forward-domains to forward only company domain website traffic.
- FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network. Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)
- You must set correct operator in event handler to trigger an event.
- You can automate SOC tasks through playbooks.
- Each playbook can include multiple triggers.
- You cannot use Windows and Linux hosts security events with FortiSoC.

You are investigating a series of incidents that occurred in the OT network over the past 24 hours in FortiSIEM. Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)
- Security.
- IPS.
- List.
- Risk.
- Overview.

Which statement about the interfaces shown in the exhibit is true?
- port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
- The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
- port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
- port1, port1-vlan10, and port1-vlan1 are in different broadcast domains.

When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?
- Known trusted devices, each time they change location.
- All connected devices, each time they connect.
- Rogue devices, only when they connect for the first time.
- Rogue devices, each time they connect.

What two advantages does FortiNAC provide in the OT network? (Choose two.)
- It can be used for IoT device detection.
- It can be used for industrial intrusion detection and prevention.
- It can be used for network micro-segmentation.
- It can be used for device profiling.

What triggers Layer 2 polling of infrastructure devices connected in the network?
- A failed Layer 3 poll.
- A matched security policy.
- A matched profiling rule.
- A linkup or linkdown trap.

An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer. What are two possible reasons why the report output was empty? (Choose two.)
- The administrator selected the wrong logs to be indexed in FortiAnalyzer.
- The administrator selected the wrong time period for the report.
- The administrator selected the wrong devices in the Devices section.
- The administrator selected the wrong hcache table for the report.

An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device. Which statement about the industrial signature database on FortiGate is true?
- A supervisor must purchase an industrial signature database and import it to the FortiGate.
- An administrator must create their own database using custom signatures.
- By default, the industrial database is enabled.
- A supervisor can enable it through the FortiGate CLI.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)
- FortiGate for SD-WAN.
- FortiGate for application control and IPS.
- FortiNAC for network access control.
- FortiSIEM for security incident and event management.
- FortiEDR for endpoint detection.

What can be assigned using network access control policies?
- Layer 3 polling intervals.
- FortiNAC device polling methods.
- Logical networks.
- Profiling rules.

As an OT administrator, it is important to understand how industrial protocols work in an OT network. Which communication method is used by the Modbus protocol?
- It uses OSI Layer 2 and the primary device sends data based on request from secondary device.
- It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.
- It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.
- It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modbus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01. Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)
- The FortiGate-Edge device must be in NAT mode.
- NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
- The FortiGate device is in offline IDS mode.
- Port5 is not a member of the software switch.

An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations. How can the OT network architect achieve this goal?
- Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.
- Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
- Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.
- Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level. What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?
- Set a unique forward domain for each interface of the software switch.
- Create a VLAN for each device and replace the current FGT-2 software switch members.
- Enable explicit intra-switch policy to require firewall policies on FGT-2.
- Implement policy routes on FGT-2 to control traffic between devices.

As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs. Which security sensor must you implement to detect these types of industrial exploits?
- Intrusion prevention system (IPS).
- Deep packet inspection (DPI).
- Antivirus inspection.
- Application control.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters. Which change must the OT network administrator make?
- Set all application categories to apply default actions.
- Change the security action of the industrial category to monitor.
- Set the priority of the C.BO.NA.1 signature override to 1.
- Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Which statement is true about the traffic passing through to PLC-2?
- IPS must be enabled to inspect application signatures.
- The application filter overrides the default action of some IEC 104 signatures.
- IEC 104 signatures are all allowed except the C.BO.NA.1 signature.
- SSL Inspection must be set to deep-inspection to correctly apply application control.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM. Which statement correctly describes the issue on the rule configuration?
- The first condition on the SubPattern filter must use the OR logical operator.
- The attributes in the Group By section must match the ones in Filters section.
- The Aggregate attribute COUNT expression is incompatible with the filters.
- The SubPattern is missing the filter to match the Modbus protocol.

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site. Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources. As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?
- Configure outbound security policies with limited active authentication users of the third-party company.
- Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.
- Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.
- Implement an additional firewall using an additional upstream link to the internet.

Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS? (Choose two.)
- Modbus.
- NIST Cybersecurity.
- IEC 62443.
- IEC 104.

Which two statements about the Modbus protocol are true?
- Modbus uses UDP frames to transport MBAP and function codes.
- Most of the PLC brands come with a built-in Modbus module.
- You can implement Modbus networking settings on internetworking devices.
- Modbus is used to establish communication between intelligent devices.

Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)
- FortiGate receives traffic from configured port mirroring.
- Network traffic goes through FortiGate.
- FortiGate acts as network sensor.
- Network attacks can be detected and blocked.

How can you achieve remote access and internet availability in an OT network?
- Create a back-end backup network as a redundancy measure.
- Implement SD-WAN to manage traffic on each ISP link.
- Add additional internal firewalls to access OT devices.
- Create more access policies to prevent unauthorized access.

Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is designed to defend against intentional attacks?
- Users with access to moderate resources.
- Users with low access to resources.
- Users with unintentional operator error.
- Users with substantial resources.

The OT network analyst runs different levels of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these types of exploits of image firmware files?
- CMDB reports.
- Threat hunting reports.
- Compliance reports.
- OT/IoT reports.

To increase security protection in an OT network, how does application control on FortiGate detect industrial traffic?
- By inspecting software and software-based vulnerabilities.
- By inspecting applications only on nonprotected traffic.
- By inspecting applications with more granularity by inspecting subapplication traffic.
- By inspecting protocols used in the application traffic.

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)
- Planning a threat hunting strategy.
- Implementing strategies to automatically bring PLCs offline.
- Creating disaster recovery plans to switch operations to a backup plant.
- Evaluating what can go wrong before it happens.

Which statement is correct about processing matched rogue devices by FortiNAC?
- FortiNAC cannot revalidate matched devices.
- FortiNAC remembers the matching rule of the rogue device.
- FortiNAC disables matching rule of previously-profiled rogue devices.
- FortiNAC matches the rogue device with only one device profiling rule.

You are assigned to implement a remote authentication server in the OT network. Which part of the hierarchy should the authentication server be part of?
- Edge.
- Cloud.
- Core.
- Access.

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone. With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?
- Enable transparent mode on the edge FortiGate device.
- Enable security profiles on all interfaces connected in the control area zone.
- Set up VPN tunnels between downstream and edge FortiGate devices.
- Create a software switch on each downstream FortiGate device.

FortiAnalyzer is implemented in the OT network to receive logs from responsible FortiGate devices. The logs must be processed by FortiAnalyzer. In this scenario, which statement is correct about the purpose of FortiAnalyzer receiving and processing multiple log messages from a given PLC or RTU?
- To isolate PLCs or RTUs in the event of external attacks.
- To configure event handlers and take further action on FortiGate.
- To determine which type of messages from the PLC or RTU causes issues in the plant.
- To help OT administrators configure the network and prevent breaches.

The IPS profile is added on all of the security policies on FortiGate. For an OT network, which statement of the IPS profile is true?
- FortiGate has no IPS industrial signature database enabled.
- The listed IPS signatures are classified as SCADA applications.
- All IPS signatures are overridden and must block traffic match signature patterns.
- The IPS profile inspects only traffic originating from SCADA equipment.

With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?
- Each traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.
- The management VDOM must have access to all global security services.
- Each VDOM must have an independent security license.
- Traffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other. Which two statements about the traffic between PLC-1 and PLC-2 are true? (Choose two.)
- The switch on FGT-2 must be hardware to implement micro-segmentation.
- Micro-segmentation on FGT-2 prevents direct device-to-device communication.
- Traffic must be inspected by FGT-EDGE in OT networks.
- FGT-2 controls intra-VLAN traffic through firewall policies.

Which three Fortinet products can you use for device identification in an OT industrial control system (ICS)? (Choose three.)
- FortiSIEM.
- FortiManager.
- FortiAnalyzer.
- FortiGate.
- FortiNAC.

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?
- Set a unique forward domain on each interface on the network.
- Set FortiGate to operate in transparent mode.
- Set a software switch on FortiGate to handle inter-VLAN traffic.
- Set a FortiGate interface with the switch to operate as an 802.1Q trunk.

The OT network analyst runs different levels of reports to quickly explore failures that could put the network at risk. Such reports can be about device performance. Which FortiSIEM reporting method helps to identify device failures?
- Business service reports.
- Device inventory reports.
- CMDB operational reports.
- Active dependent rules reports.

Which statement about the IEC 104 protocol is true?
- IEC 104 is used for telecontrol SCADA in electrical engineering applications.
- IEC 104 is IEC 101 compliant in old SCADA systems.
- IEC 104 protects data transmission between OT devices and services.
- IEC 104 uses non-TCP/IP standards.

Which statement is true about application control inspection?
- The industrial application control inspection process is unique among application categories.
- Security actions cannot be applied on the lowest level of the hierarchy.
- You can control security actions only on the parent-level application signature.
- The parent signature takes precedence over the child application signature.

Which statement about some of the generated report elements from FortiAnalyzer is true?
- The report confirms Modbus and IEC 104 are the key applications crossing the network.
- FortiGate collects the logs and generates the report to FortiAnalyzer.
- The file types confirm the infected applications on the PLCs.
- This report is predefined and is not available for customization.

What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)
- Enhanced point of connection details.
- Direct VLAN assignment.
- Adapter consolidation for multi-adapter hosts.
- Importation and classification of hosts.

Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)
- Services defined in the firewall policy.
- Source defined as internet services in the firewall policy.
- Lowest to highest policy ID number.
- Destination defined as internet services in the firewall policy.
- Highest to lowest priority defined in the firewall policy.

Which statement about the output is true?
- This is a sample of a FortiAnalyzer system interface event log.
- This is a sample of an SNMP temperature control event log.
- This is a sample of a PAM event type.
- This is a sample of FortiGate interface statistics.

Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)
- FortiNAC.
- FortiManager.
- FortiAnalyzer.
- FortiSIEM.
- FortiGate.

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall. Which statement about the topology is true?
- PLCs use IEEE 802.1Q protocol to communicate with each other.
- An administrator can create firewall policies in the switch to secure between PLCs.
- This integration solution expands VLAN capabilities from Layer 2 to Layer 3.
- There is no micro-segmentation in this topology.

In a wireless network integration, how does FortiNAC obtain connecting MAC address information?
- RADIUS.
- Link traps.
- End station traffic monitoring.
- MAC notification traps.

Which three common breach points can be found in a typical OT environment? (Choose three.)
- Global hat.
- Hard hat.
- VLAN exploits.
- Black hat.
- RTU exploits.

You are navigating through FortiSIEM in an OT network. How do you view information presented in the exhibit and what does the FortiGate device security status tell you?
- In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
- In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.
- In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.
- In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.

An OT network administrator is trying to implement active authentication. Which two methods should the administrator use to achieve this? (Choose two.)
- Two-factor authentication on FortiAuthenticator.
- Role-based authentication on FortiNAC.
- FSSO authentication on FortiGate.
- Local authentication on FortiGate.

An OT administrator ran a report to identify device inventory in an OT network. Based on the report results, which report was run?
- A FortiSIEM CMDB report.
- A FortiAnalyzer device report.
- A FortiSIEM incident report.
- A FortiSIEM analytics report.

An OT administrator deployed many devices to secure the OT network. However, the SOC team is reporting that there are too many alerts, and that many of the alerts are false positives. The OT administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves time, and saves resources. Which products should the administrator deploy to address these issues and automate most of the manual tasks done by the SOC team?
- FortiSIEM and FortiManager.
- FortiSandbox and FortiSIEM.
- FortiSOAR and FortiSIEM.
- A syslog server and FortiSIEM.

You need to configure VPN user access for supervisors at the branch and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What must you do to achieve this objective?
- You must use a FortiAuthenticator.
- You must register the same FortiToken on more than one FortiGate.
- You must use the user self-registration server.
- You must use a third-party RADIUS OTP server.

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication. What should the OT supervisor do to achieve this on FortiGate?
- Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
- Enable two-factor authentication with FSSO.
- Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
- Under config user settings configure set auth-on-demand implicit.

An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks. On which device can this be accomplished?
- FortiGate.
- FortiEDR.
- FortiSwitch.
- FortiNAC.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)
- Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
- Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
- IT and OT networks are separated by segmentation.
- FortiGate-3 and FortiGate-4 devices must be in a transparent mode.

Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)
- SNMP.
- ICMP.
- API.
- RADIUS.
- TACACS.

An OT architect has deployed a Layer 2 switch in the OT network at Level 1 of the Purdue model, process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network. What statement about the traffic between PLC1 and PLC2 is true?
- The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.
- The Layer 2 switch routes any traffic to the FortiGate device through an Ethernet link.
- PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
- In order to communicate, PLC1 must be in the same VLAN as PLC2.

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM. Which step must the administrator take to achieve this task?
- Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
- Create a notification policy and define a script/remediation on FortiSIEM.
- Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
- Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

When you create a user or host profile, which three criteria can you use? (Choose three.)
- Host or user group memberships.
- Administrative group membership.
- An existing access control policy.
- Location.
- Host or user attributes.
