NSE7_OTS-7.2 Exam Dumps - Fortinet NSE 7 - OT Security 7.2

Go to page:

Question # 9

Which three common breach points can be found in a typical OT environment? (Choose three.)

Global hat

Hard hat

VLAN exploits

Black hat

RTU exploits

Full Access

Question # 10

An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.

What statement about the traffic between PLC1 and PLC2 is true?

The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.

The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.

PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.

In order to communicate, PLC1 must be in the same VLAN as PLC2.

Full Access

Question # 11

When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

Known trusted devices, each time they change location

All connected devices, each time they connect

Rogue devices, only when they connect for the first time

Rogue devices, each time they connect

Full Access

Question # 12

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.

What should the OT supervisor do to achieve this on FortiGate?

Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.

Enable two-factor authentication with FSSO.

Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.

Under config user settings configure set auth-on-demand implicit.

Full Access

Question # 13

Refer to the exhibit.

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Edge

Cloud

Core

Access

Full Access

Question # 14

As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.

Which security sensor must implement to detect these types of industrial exploits?

Intrusion prevention system (IPS)

Deep packet inspection (DPI)

Antivirus inspection

Application control

Full Access

Question # 15

How can you achieve remote access and internet availability in an OT network?

Create a back-end backup network as a redundancy measure.

Implement SD-WAN to manage traffic on each ISP link.

Add additional internal firewalls to access OT devices.

Create more access policies to prevent unauthorized access.

Full Access

Question # 16

Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Full Access

Answer:

Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1:Â NSE 7 Network Security Architect - Fortinet

Go to page: