Fortinet nse7-ots-6-4 practice test
Fortinet NSE 7 - OT Security 6.4 Exam
Last exam update: Jul 20 ,2024
Question 1
Refer to the exhibit.
Which statement about the interfaces shown in the exhibit is true?
- A. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
- B. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
- C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain
- D. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains
Answer:
D
Question 2
You are investigating a series of incidents that occurred in the OT network over past 24 hours in
FortiSIEM.
Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)
- A. Security
- B. IPS
- C. List
- D. Risk
- E. Overview
Answer:
C, D, E
Question 3
An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and
block any unauthorized access to FortiGate devices in an OT network.
Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)
- A. You must set correct operator in event handler to trigger an event.
- B. You can automate SOC tasks through playbooks.
- C. Each playbook can include multiple triggers.
- D. You cannot use Windows and Linux hosts security events with FortiSoC.
Answer:
B, C
Explanation:
Ref:
https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/268882/fortisoc
Question 4
Refer to the exhibit.
Given the configurations on the FortiGate, which statement is true?
- A. FortiGate is configured with forward-domains to reduce unnecessary traffic.
- B. FortiGate is configured with forward-domains to forward only domain controller traffic.
- C. FortiGate is configured with forward-domains to forward only company domain website traffic.
- D. FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.
Answer:
A
Question 5
An OT administrator has configured FSSO and local firewall authentication. A user who is part of a
user group is not prompted from credentials during authentication.
What is a possible reason?
- A. FortiGate determined the user by passive authentication
- B. The user was determined by Security Fabric
- C. Two-factor authentication is not configured with RADIUS authentication method
- D. FortiNAC determined the user by DHCP fingerprint method
Answer:
D
Question 6
Refer to the exhibit, which shows a non-protected OT environment.
An administrator needs to implement proper protection on the OT network.
Which three steps should an administrator take to protect the OT network? (Choose three.)
- A. Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.
- B. Deploy a FortiGate device within each ICS network.
- C. Configure firewall policies with web filter to protect the different ICS networks.
- D. Configure firewall policies with industrial protocol sensors
- E. Use segmentation
Answer:
A, C, D
Question 7
When you create a user or host profile, which three criteria can you use? (Choose three.)
- A. Host or user group memberships
- B. Administrative group membership
- C. An existing access control policy
- D. Location
- E. Host or user attributes
Answer:
A, D, E
Question 8
An OT administrator is defining an incident notification policy using FortiSIEM and would like to
configure the system with a notification policy. If an incident occurs, the administrator would like to
be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?
- A. Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
- B. Create a notification policy and define a script/remediation on FortiSIEM.
- C. Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
- D. Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.
Answer:
C
Explanation:
Reference:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/06918379-
afd1-11e9-a989-00505692583a/Standalone_PDF.pdf
Question 9
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process
control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two
VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then
through the FortiGate device in the Level 2 supervisory control network.
What statement about the traffic between PLC1 and PLC2 is true?
- A. The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.
- B. The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.
- C. PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
- D. In order to communicate, PLC1 must be in the same VLAN as PLC2.
Answer:
C
Question 10
Which three methods of communication are used by FortiNAC to gather visibility information?
(Choose three.)
- A. SNMP
- B. ICMP
- C. API
- D. RADIUS
- E. TACACS
Answer:
A, C, D
Question 11
Refer to the exhibit.
Based on the topology designed by the OT architect, which two statements about implementing OT
security are true? (Choose two.)
- A. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
- B. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
- C. IT and OT networks are separated by segmentation.
- D. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.
Answer:
C, D
Question 12
An OT network architect needs to secure control area zones with a single network access policy to
provision devices to any number of different networks.
On which device can this be accomplished?
- A. FortiGate
- B. FortiEDR
- C. FortiSwitch
- D. FortiNAC
Answer:
D
Question 13
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users
be authenticated against passive authentication first and, if passive authentication is not successful,
then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?
- A. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
- B. Enable two-factor authentication with FSSO.
- C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
- D. Under config user settings configure set auth-on-demand implicit.
Answer:
D
Question 14
Refer to the exhibit.
You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft
FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?
- A. You must use a FortiAuthenticator.
- B. You must register the same FortiToken on more than one FortiGate.
- C. You must use the user self-registration server.
- D. You must use a third-party RADIUS OTP server.
Answer:
A
Question 15
An OT administrator deployed many devices to secure the OT network. However, the SOC team is
reporting that there are too many alerts, and that many of the alerts are false positive. The OT
administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves
time, and saves resources.
Which products should the administrator deploy to address these issues and automate most of the
manual tasks done by the SOC team?
- A. FortiSIEM and FortiManager
- B. FortiSandbox and FortiSIEM
- C. FortiSOAR and FortiSIEM
- D. A syslog server and FortiSIEM
Answer:
C