NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

You must use a FortiAuthenticator.

You must register the same FortiToken on more than one FortiGate.

You must use the user self-registration server.

You must use a third-party RADIUS OTP server.

A supervisor must purchase an industrial signature database and import it to the FortiGate.

An administrator must create their own database using custom signatures.

By default, the industrial database is enabled.

A supervisor can enable it through the FortiGate CLI.

IEC 104 is used for telecontrol SCADA in electrical engineering applications.

IEC 104 is IEC 101 compliant in old SCADA systems.

IEC 104 protects data transmission between OT devices and services.

IEC 104 uses non-TCP/IP standards.

The first condition on the SubPattern filter must use the OR logical operator.

The attributes in the Group By section must match the ones in Fitters section.

The Aggregate attribute COUNT expression is incompatible with the filters.

The SubPattern is missing the filter to match the Modbus protocol.

Intrusion prevention system (IPS)

Deep packet inspection (DPI)

Antivirus inspection

Application control

Modbus uses UDP frames to transport MBAP and function codes.

Most of the PLC brands come with a built-in Modbus module.

You can implement Modbus networking settings on internetworking devices.

Modbus is used to establish communication between intelligent devices.

Configure outbound security policies with limited active authentication users of the third-party company.

Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.

Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.

Implement an additional firewall using an additional upstream link to the internet.

FortiGate has no IPS industrial signature database enabled.

The listed IPS signatures are classified as SCADAapphcat nns

All IPS signatures are overridden and must block traffic match signature patterns.

The IPS profile inspects only traffic originating from SCADA equipment.

To isolate PLCs or RTUs in the event of external attacks

To configure event handlers and take further action on FortiGate

To determine which type of messages from the PLC or RTU causes issues in the plant

To help OT administrators configure the network and prevent breaches

Set a unique forward domain on each interface on the network.

Set FortiGate to operate in transparent mode.

Set a software switch on FortiGate to handle inter-VLAN traffic.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Global hat

Hard hat

VLAN exploits

Black hat

RTU exploits

Business service reports

Device inventory reports

CMDB operational reports

Active dependent rules reports

port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.

The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.

port1-vlan10 and port2-vlan10 are part of the same broadcast domain

port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Each traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

The management VDOM must have access to all global security services.

Each VDOM must have an independent security license.

Traffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

Edge

Cloud

Core

Access