NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Known trusted devices, each time they change location

All connected devices, each time they connect

Rogue devices, only when they connect for the first time

Rogue devices, each time they connect

CMDB reports

Threat hunting reports

Compliance reports

OT/loT reports

It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.

It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.

It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

Layer 3 polling intervals

FortiNAC device polling methods

Logical networks

Profiling rules

Global hat

Hard hat

VLAN exploits

Black hat

RTU exploits

To determine which type of messages from the PLC or RTU causes issues in the plant

To isolate PLCs or RTUs in the event of external attacks

To help OT administrators troubleshoot and diagnose the OT network

To track external threats and prevent them attacking the OT network

PLCs use IEEE802.1Q protocol to communicate each other.

An administrator can create firewall policies in the switch to secure between PLCs.

This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

There is no micro-segmentation in this topology.

Configure outbound security policies with limited active authentication users of the third-party company.

Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.

Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.

Implement an additional firewall using an additional upstream link to the internet.

Services defined in the firewall policy.

Source defined as internet services in the firewall policy

Lowest to highest policy ID number

Destination defined as internet services in the firewall policy

Highest to lowest priority defined in the firewall policy

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

Deploy a FortiGate device within each ICS network.

Configure firewall policies with web filter to protect the different ICS networks.

Configure firewall policies with industrial protocol sensors

Use segmentation

A supervisor must purchase an industrial signature database and import it to the FortiGate.

An administrator must create their own database using custom signatures.

By default, the industrial database is enabled.

A supervisor can enable it through the FortiGate CLI.

Add a new condition to filter Modbus traffic based on the source TCP/UDP port

The condition on the SubPattern filter must use the AND logical operator

the Aggregate section, set the attribute value to equal to or greater than 0

In the Group By section remove all attributes that are not configured in the Filter section

FortiGate

FortiEDR

FortiSwitch

FortiNAC

This is a sample of a FortiAnalyzer system interface event log.

This is a sample of an SNMP temperature control event log.

This is a sample of a PAM event type.

This is a sample of FortiGate interface statistics.

Users with access to moderate resources

Users with low access to resources

Users with unintentional operator error

Users with substantial resources

It can be used for IoT device detection.

It can be used for industrial intrusion detection and prevention.

It can be used for network micro-segmentation.

It can be used for device profiling.

FortiNAC cannot revalidate matched devices.

FortiNAC remembers the match ng rule of the rogue device

FortiNAC disables matching rule of previously-profiled rogue devices.

FortiNAC matches the rogue device with only one device profiling rule.