Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Fortinet NSE7_OTS-7.2 - Fortinet NSE 7 - OT Security 7.2

Fortinet NSE7_OTS-7.2 Premium Access     Download Demo    
Page: 1 / 2
Total 69 questions

Which statement about the IEC 104 protocol is true?

A.

IEC 104 is used for telecontrol SCADA in electrical engineering applications.

B.

IEC 104 is IEC 101 compliant in old SCADA systems.

C.

IEC 104 protects data transmission between OT devices and services.

D.

IEC 104 uses non-TCP/IP standards.

An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.

What are two possible reasons why the report output was empty? (Choose two.)

A.

The administrator selected the wrong logs to be indexed in FortiAnalyzer.

B.

The administrator selected the wrong time period for the report.

C.

The administrator selected the wrong devices in the Devices section.

D.

The administrator selected the wrong hcache table for the report.

Which three Fortinet products can you use for device identification in an OT industrial control system (ICS)? (Choose three.)

A.

FortiSIEM

B.

FortiManager

C.

FortiAnalyzer

D.

FortiGate

E.

FortiNAC

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.

With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

A.

Enable transparent mode on the edge FortiGate device.

B.

Enable security profiles on all interfaces connected in the control area zone.

C.

Set up VPN tunnels between downstream and edge FortiGate devices.

D.

Create a software switch on each downstream FortiGate device.

What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

A.

Enhanced point of connection details

B.

Direct VLAN assignment

C.

Adapter consolidation for multi-adapter hosts

D.

Importation and classification of hosts

Refer to the exhibit.

You are creating a new operational technology (OT) rule to monitor Modbus protocol traffic on FortiSIEM

Which action must you take to ensure that all Modbus messages on the network match the rule?

A.

Add a new condition to filter Modbus traffic based on the source TCP/UDP port

B.

The condition on the SubPattern filter must use the AND logical operator

C.

the Aggregate section, set the attribute value to equal to or greater than 0

D.

In the Group By section remove all attributes that are not configured in the Filter section

As an OT network administrator you are managing three FortiGate devices that each protect different levels on the Purdue model To increase traffic visibility you are required to implement additional security measures to detect protocols from PLCs

Which security sensor must you implement to detect protocols on the OT network?

A.

Endpoint Detection and Response (EDR)

B.

Deep packet inspection (DPI)

C.

Intrusion prevention system (IPS)

D.

Application control (AC)

Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS? (Choose two.)

A.

Modbus

B.

NIST Cybersecurity

C.

IEC 62443

D.

IEC104

Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

A.

FortiGate for SD-WAN

B.

FortiGate for application control and IPS

C.

FortiNAC for network access control

D.

FortiSIEM for security incident and event management

E.

FortiEDR for endpoint detection

Refer to the exhibit.

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

A.

Set a unique forward domain on each interface on the network.

B.

Set FortiGate to operate in transparent mode.

C.

Set a software switch on FortiGate to handle inter-VLAN traffic.

D.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.