• ホーム
  • ブログ
  • リアルNSE7_OTS-7.2問題集でFortinet正確な解答2024年最新版を試そう [Q24-Q46]

リアルNSE7_OTS-7.2問題集でFortinet正確な解答2024年最新版を試そう [Q24-Q46]

Share

リアルNSE7_OTS-7.2問題集でFortinet正確な解答2024年最新版を試そう

NSE 7 Network Security Architect NSE7_OTS-7.2試験練習問題集

質問 # 24
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?

  • A. FortiSwitch
  • B. FortiNAC
  • C. FortiGate
  • D. FortiEDR

正解:C

解説:
Explanation
An OT network architect can accomplish the goal of securing control area zones with a single network access policy to provision devices to any number of different networks on a FortiGate device.


質問 # 25
Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

  • A. FortiGate for SD-WAN
  • B. FortiEDR for endpoint detection
  • C. FortiNAC for network access control
  • D. FortiGate for application control and IPS
  • E. FortiSIEM for security incident and event management

正解:B、C、D


質問 # 26
Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)?
(Choose three.)

  • A. FortiManager
  • B. FortiNAC
  • C. FortiGate
  • D. FortiSIEM
  • E. FortiAnalyzer

正解:B、C、D

解説:
Explanation
A: FortiNAC - FortiNAC is a network access control solution that provides visibility and control over network devices. It can identify devices, enforce access policies, and automate threat response.
D: FortiSIEM - FortiSIEM is a security information and event management solution that can collect and analyze data from multiple sources, including network devices and servers. It can help identify potential security threats, as well as monitor compliance with security policies and regulations.
E: FortiAnalyzer - FortiAnalyzer is a central logging and reporting solution that collects and analyzes data from multiple sources, including FortiNAC and FortiSIEM. It can provide insights into network activity and help identify anomalies or security threats.


質問 # 27
Refer to the exhibit and analyze the output.

Which statement about the output is true?

  • A. This is a sample of an SNMP temperature control event log.
  • B. This is a sample of a PAM event type.
  • C. This is a sample of FortiGate interface statistics.
  • D. This is a sample of a FortiAnalyzer system interface event log.

正解:B


質問 # 28
Refer to the exhibit.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

  • A. IT and OT networks are separated by segmentation.
  • B. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
  • C. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.
  • D. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.

正解:A、B


質問 # 29
Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)

  • A. Network attacks can be detected and blocked.
  • B. FortiGate acts as network sensor.
  • C. FortiGate receives traffic from configured port mirroring.
  • D. Network traffic goes through FortiGate.

正解:B、D


質問 # 30
An OT administrator deployed many devices to secure the OT network. However, the SOC team is reporting that there are too many alerts, and that many of the alerts are false positive. The OT administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves time, and saves resources.
Which products should the administrator deploy to address these issues and automate most of the manual tasks done by the SOC team?

  • A. FortiSandbox and FortiSIEM
  • B. A syslog server and FortiSIEM
  • C. FortiSIEM and FortiManager
  • D. FortiSOAR and FortiSIEM

正解:D


質問 # 31
Refer to the exhibit.

You are navigating through FortiSIEM in an OT network.
How do you view information presented in the exhibit and what does the FortiGate device security status tell you?

  • A. In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
  • B. In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.
  • C. In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.
  • D. In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.

正解:D


質問 # 32
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?

  • A. RADIUS
  • B. MAC notification traps
  • C. End station traffic monitoring
  • D. Link traps

正解:A

解説:
Explanation
FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients that authenticate through the RADIUS server.


質問 # 33
An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?

  • A. By default, the industrial database is enabled.
  • B. A supervisor must purchase an industrial signature database and import it to the FortiGate.
  • C. An administrator must create their own database using custom signatures.
  • D. A supervisor can enable it through the FortiGate CLI.

正解:D


質問 # 34
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

  • A. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
  • B. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
  • C. Enable two-factor authentication with FSSO.
  • D. Under config user settings configure set auth-on-demand implicit.

正解:A

解説:
Explanation
The OT supervisor should configure a firewall policy with FSSO users and place it on the top of list of firewall policies in order to achieve the goal of authenticating users against passive authentication first and, if passive authentication is not successful, then challenging them with active authentication.


質問 # 35
An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.
How can the OT network architect achieve this goal?

  • A. Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.
  • B. Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
  • C. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.
  • D. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.

正解:D

解説:
Explanation
This way, FortiSIEM can discover and monitor everything attached to the remote network and provide security visibility to the corporate network


質問 # 36
Which three common breach points can be found in a typical OT environment? (Choose three.)

  • A. Hard hat
  • B. Global hat
  • C. RTU exploits
  • D. Black hat
  • E. VLAN exploits

正解:A、C、D


質問 # 37
What can be assigned using network access control policies?

  • A. FortiNAC device polling methods
  • B. Profiling rules
  • C. Layer 3 polling intervals
  • D. Logical networks

正解:D


質問 # 38
Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.
Which three steps should an administrator take to protect the OT network? (Choose three.)

  • A. Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.
  • B. Use segmentation
  • C. Deploy a FortiGate device within each ICS network.
  • D. Configure firewall policies with web filter to protect the different ICS networks.
  • E. Configure firewall policies with industrial protocol sensors

正解:A、D、E


質問 # 39
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs.
All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.
What statement about the traffic between PLC1 and PLC2 is true?

  • A. PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
  • B. In order to communicate, PLC1 must be in the same VLAN as PLC2.
  • C. The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.
  • D. The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.

正解:A

解説:
Explanation
The statement that is true about the traffic between PLC1 and PLC2 is that PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.


質問 # 40
Refer to the exhibit.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.
Which statement correctly describes the issue on the rule configuration?

  • A. The SubPattern is missing the filter to match the Modbus protocol.
  • B. The first condition on the SubPattern filter must use the OR logical operator.
  • C. The Aggregate attribute COUNT expression is incompatible with the filters.
  • D. The attributes in the Group By section must match the ones in Fitters section.

正解:D


質問 # 41
How can you achieve remote access and internel availability in an OT network?

  • A. Create a back-end backup network as a redundancy measure.
  • B. Implement SD-WAN to manage traffic on each ISP link.
  • C. Add additional internal firewalls to access OT devices.
  • D. Create more access policies to prevent unauthorized access.

正解:B


質問 # 42
Refer to the exhibit.

An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

  • A. The FortiGate-Edge device must be in NAT mode.
  • B. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
  • C. Port5 is not a member of the software switch.
  • D. The FortiGate devices is in offline IDS mode.

正解:A、B


質問 # 43
As an OT administrator, it is important to understand how industrial protocols work in an OT network.
Which communication method is used by the Modbus protocol?

  • A. It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.
  • B. It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.
  • C. It uses OSI Layer 2 and the secondary device sends data based on request from primary device.
  • D. It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

正解:C


質問 # 44
......

NSE7_OTS-7.2試験合格を準備するため 今すぐ弊社のNSE 7 Network Security Architect試験パッケージお試そう:https://www.goshiken.com/Fortinet/NSE7_OTS-7.2-mondaishu.html

NSE7_OTS-7.2プレミアム資料でテストPDF無料問題集お試しセット:https://drive.google.com/open?id=1jcpn8qjYqzOXpfssVur-zTN1zFF0FXza

関するブログ

もっと
NSE7_OTS-7.2無料問題集