NSE7_OTS-7.2 Sample Questions Answers

Create a back-end backup network as a redundancy measure.

Implement SD-WAN to manage traffic on each ISP link.

Add additional internal firewalls to access OT devices.

Create more access policies to prevent unauthorized access.

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

Deploy a FortiGate device within each ICS network.

Configure firewall policies with web filter to protect the different ICS networks.

Configure firewall policies with industrial protocol sensors

Use segmentation

Device inventory reports

Payment card industry (PCI) logging reports

Configuration management database (CMDB) operational reports

Business service reports

Set a unique forward domain for each interface of the software switch.

Create a VLAN for each device and replace the current FGT-2 software switch members.

Enable explicit intra-switch policy to require firewall policies on FGT-2.

Implement policy routes on FGT-2 to control traffic between devices.

The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.

The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.

PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.

In order to communicate, PLC1 must be in the same VLAN as PLC2.

By inspecting software and software-based vulnerabilities

By inspecting applications only on nonprotected traffic

By inspecting applications with more granularity by inspecting subapplication traffic

By inspecting protocols used in the application traffic

It can be used for IoT device detection.

It can be used for industrial intrusion detection and prevention.

It can be used for network micro-segmentation.

It can be used for device profiling.

Add a new condition to filter Modbus traffic based on the source TCP/UDP port

The condition on the SubPattern filter must use the AND logical operator

the Aggregate section, set the attribute value to equal to or greater than 0

In the Group By section remove all attributes that are not configured in the Filter section

PLCs use IEEE802.1Q protocol to communicate each other.

An administrator can create firewall policies in the switch to secure between PLCs.

This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

There is no micro-segmentation in this topology.

IEC 104 is used for telecontrol SCADA in electrical engineering applications.

IEC 104 is IEC 101 compliant in old SCADA systems.

IEC 104 protects data transmission between OT devices and services.

IEC 104 uses non-TCP/IP standards.

You must set correct operator in event handler to trigger an event.

You can automate SOC tasks through playbooks.

Each playbook can include multiple triggers.

You cannot use Windows and Linux hosts security events with FortiSoC.

FortiGate receives traffic from configured port mirroring.

Network traffic goes through FortiGate.

FortiGate acts as network sensor.

Network attacks can be detected and blocked.

IPS must be enabled to inspect application signatures.

The application filter overrides the default action of some IEC 104 signatures.

IEC 104 signatures are all allowed except the C.BO.NA 1 signature.

SSL Inspection must be set to deep-inspection to correctly apply application control.

Services defined in the firewall policy.

Source defined as internet services in the firewall policy

Lowest to highest policy ID number

Destination defined as internet services in the firewall policy

Highest to lowest priority defined in the firewall policy

FortiSIEM

FortiManager

FortiAnalyzer

FortiGate

FortiNAC

Each traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

The management VDOM must have access to all global security services.

Each VDOM must have an independent security license.

Traffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

FortiNAC

FortiManager

FortiAnalyzer

FortiSIEM

FortiGate