Pass the Fortinet NSE 7 Network Security Architect NSE7_OTS-7.2 Questions and answers with ValidTests

Exam NSE7_OTS-7.2 Premium Access

View all detail and faqs for the NSE7_OTS-7.2 exam

Go to Exam

Viewing page 3 out of 3 pages

Viewing questions 21-30 out of questions

Questions # 21:

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

Options:

It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.

It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.

It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

Expert Solution

Questions # 22:

Refer to the exhibit.

Question # 22

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Options:

Edge

Cloud

Core

Access

Expert Solution

Questions # 23:

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

Options:

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

Deploy a FortiGate device within each ICS network.

Configure firewall policies with web filter to protect the different ICS networks.

Configure firewall policies with industrial protocol sensors

Use segmentation

Expert Solution

Questions # 24:

FortiAnalyzer is implemented in the OT network to receive logs from responsible FortiGate devices. The logs must be processed by FortiAnalyzer.

In this scenario, which statement is correct about the purpose of FortiAnalyzer receiving and processing multiple log messages from a given PLC or RTU?

Options:

To isolate PLCs or RTUs in the event of external attacks

To configure event handlers and take further action on FortiGate

To determine which type of messages from the PLC or RTU causes issues in the plant

To help OT administrators configure the network and prevent breaches

Expert Solution

Questions # 25:

Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Options:

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Expert Solution

Answer

Explanation

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1: NSE 7 Network Security Architect - Fortinet

Questions # 26:

What triggers Layer 2 polling of infrastructure devices connected in the network?

Options:

A failed Layer 3 poll

A matched security policy

A matched profiling rule

A linkup or linkdown trap

Expert Solution

Questions # 27:

Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

Options:

FortiGate is configured with forward-domains to reduce unnecessary traffic.

FortiGate is configured with forward-domains to forward only domain controller traffic.

FortiGate is configured with forward-domains to forward only company domain website traffic.

FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

Expert Solution

Questions # 28:

Which three common breach points can you find in a typical OT environment? (Choose three.)

Options:

Black hat

VLAN exploits

Global hat

RTU exploits

Hard hat

Expert Solution

Questions # 29:

Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is designed to defend against intentional attacks?

Options:

Users with access to moderate resources

Users with low access to resources

Users with unintentional operator error

Users with substantial resources

Expert Solution

Questions # 30:

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.

What should the OT supervisor do to achieve this on FortiGate?

Options:

Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.

Enable two-factor authentication with FSSO.

Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.

Under config user settings configure set auth-on-demand implicit.

Expert Solution

Viewing page 3 out of 3 pages

Viewing questions 21-30 out of questions

Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Pass the Fortinet NSE 7 Network Security Architect NSE7_OTS-7.2 Questions and answers with ValidTests

Exam NSE7_OTS-7.2 Premium Access

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options: