Fortinet NSE7_OTS-7.2 - Fortinet NSE 7 - OT Security 7.2

Fortinet NSE7_OTS-7.2 Premium Access Download Demo

Page: 1 / 2
Total 69 questions

Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)

FortiNAC

FortiManager

FortiAnalyzer

FortiSIEM

FortiGate

Question # 2

As an OT network administrator you are managing three FortiGate devices that each protect different levels on the Purdue model To increase traffic visibility you are required to implement additional security measures to detect protocols from PLCs

Which security sensor must you implement to detect protocols on the OT network?

Endpoint Detection and Response (EDR)

Deep packet inspection (DPI)

Intrusion prevention system (IPS)

Application control (AC)

Question # 3

in an operation technology (OT) network FortiAnalyzer is used to receive and process logs from responsible FortiGate devices

Which statement about why FortiAnalyzer is receiving and processing multiple tog messages from a given programmable logic controller (PLC) or remote terminal unit (RTU) is true'?

To determine which type of messages from the PLC or RTU causes issues in the plant

To isolate PLCs or RTUs in the event of external attacks

To help OT administrators troubleshoot and diagnose the OT network

To track external threats and prevent them attacking the OT network

Question # 4

An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.

On which device can this be accomplished?

FortiGate

FortiEDR

FortiSwitch

FortiNAC

Question # 5

Refer to the exhibit.

You are creating a new operational technology (OT) rule to monitor Modbus protocol traffic on FortiSIEM

Which action must you take to ensure that all Modbus messages on the network match the rule?

Add a new condition to filter Modbus traffic based on the source TCP/UDP port

The condition on the SubPattern filter must use the AND logical operator

the Aggregate section, set the attribute value to equal to or greater than 0

In the Group By section remove all attributes that are not configured in the Filter section

Question # 6

Refer to the exhibit.

You are navigating through FortiSIEM in an OT network.

How do you view information presented in the exhibit and what does the FortiGate device security status tell you?

In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.

In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.

In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.

In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.

Question # 7

Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1:Â NSE 7 Network Security Architect - Fortinet

Question # 8

An OT administrator deployed many devices to secure the OT network. However, the SOC team is reporting that there are too many alerts, and that many of the alerts are false positive. The OT administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves time, and saves resources.

Which products should the administrator deploy to address these issues and automate most of the manual tasks done by the SOC team?

FortiSIEM and FortiManager

FortiSandbox and FortiSIEM

FortiSOAR and FortiSIEM

A syslog server and FortiSIEM

Question # 9

Which three common breach points can you find in a typical OT environment? (Choose three.)

Black hat

VLAN exploits

Global hat

RTU exploits

Hard hat

Question # 10

Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.

What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

Set a unique forward domain for each interface of the software switch.

Create a VLAN for each device and replace the current FGT-2 software switch members.

Enable explicit intra-switch policy to require firewall policies on FGT-2.

Implement policy routes on FGT-2 to control traffic between devices.

Halloween Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet NSE7_OTS-7.2 - Fortinet NSE 7 - OT Security 7.2

The Answer Is:

Explanation:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

Explanation:

The Answer Is:

The Answer Is:

The Answer Is: