Fortinet NSE7_OTS-7.2試験情報と無料練習テスト問題で合格せよ
2024年最新のの問題NSE7_OTS-7.2問題集で更新されたFortinet試験問題集を試そう
Fortinet NSE7_OTS-7.2試験は、オペレーショナルテクノロジー(OT)ネットワークのセキュリティに焦点を当てたITプロフェッショナル向けの認定プログラムです。この試験は、OTネットワークのセキュリティ確保、産業制御システム(ICS)のセキュリティ確保、および監視制御およびデータ取得(SCADA)システムのセキュリティ確保に関する候補者の知識をテストするように設計されています。この試験は、OTセキュリティのベストプラクティスに深い理解を要し、OTネットワークのセキュリティソリューションの実装と管理能力が必要な上級レベルの認定プログラムです。
質問 # 16
How can you achieve remote access and internel availability in an OT network?
- A. Add additional internal firewalls to access OT devices.
- B. Create a back-end backup network as a redundancy measure.
- C. Create more access policies to prevent unauthorized access.
- D. Implement SD-WAN to manage traffic on each ISP link.
正解:D
質問 # 17
An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?
- A. Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
- B. Create a notification policy and define a script/remediation on FortiSIEM.
- C. Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.
- D. Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
正解:B
解説:
Explanation
https://fusecommunity.fortinet.com/blogs/silviu/2022/04/12/fortisiempublishingscript
質問 # 18
What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)
- A. Direct VLAN assignment
- B. Enhanced point of connection details
- C. Adapter consolidation for multi-adapter hosts
- D. Importation and classification of hosts
正解:B、D
質問 # 19
Refer to the exhibit.
An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.
Which statement correctly describes the issue on the rule configuration?
- A. The attributes in the Group By section must match the ones in Fitters section.
- B. The SubPattern is missing the filter to match the Modbus protocol.
- C. The first condition on the SubPattern filter must use the OR logical operator.
- D. The Aggregate attribute COUNT expression is incompatible with the filters.
正解:A
質問 # 20
An OT network administrator is trying to implement active authentication.
Which two methods should the administrator use to achieve this? (Choose two.)
- A. Two-factor authentication on FortiAuthenticator
- B. Role-based authentication on FortiNAC
- C. Local authentication on FortiGate
- D. FSSO authentication on FortiGate
正解:A、C
質問 # 21
Refer to the exhibit.
An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.
Which change must the OT network administrator make?
- A. Change the security action of the industrial category to monitor.
- B. Set the priority of the C.BO.NA.1 signature override to 1.
- C. Remove IEC.60870.5.104 Information.Transfer from the first filter override.
- D. Set all application categories to apply default actions.
正解:B
解説:
Explanation
According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:
Allow: The FortiGate unit allows the traffic without any further inspection.
Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.
Block: The FortiGate unit blocks the traffic and logs it as an attack.
The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.
In the exhibit, the application sensor has the following settings:
The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.
The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.
The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.
The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.
To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.
1: NSE 7 Network Security Architect - Fortinet
質問 # 22
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?
- A. RADIUS
- B. MAC notification traps
- C. End station traffic monitoring
- D. Link traps
正解:A
解説:
Explanation
FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients that authenticate through the RADIUS server.
質問 # 23
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?
- A. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
- B. Under config user settings configure set auth-on-demand implicit.
- C. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
- D. Enable two-factor authentication with FSSO.
正解:A
解説:
Explanation
The OT supervisor should configure a firewall policy with FSSO users and place it on the top of list of firewall policies in order to achieve the goal of authenticating users against passive authentication first and, if passive authentication is not successful, then challenging them with active authentication.
質問 # 24
As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.
Which security sensor must implement to detect these types of industrial exploits?
- A. Antivirus inspection
- B. Intrusion prevention system (IPS)
- C. Deep packet inspection (DPI)
- D. Application control
正解:C
質問 # 25
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs.
All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.
What statement about the traffic between PLC1 and PLC2 is true?
- A. PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
- B. In order to communicate, PLC1 must be in the same VLAN as PLC2.
- C. The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.
- D. The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.
正解:A
解説:
Explanation
The statement that is true about the traffic between PLC1 and PLC2 is that PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
質問 # 26
Refer to the exhibit.
Which statement about the interfaces shown in the exhibit is true?
- A. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
- B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain
- C. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains
- D. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
正解:C
質問 # 27
Refer to the exhibit.
An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)
- A. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
- B. The FortiGate-Edge device must be in NAT mode.
- C. Port5 is not a member of the software switch.
- D. The FortiGate devices is in offline IDS mode.
正解:A、B
質問 # 28
Refer to the exhibit.
You are navigating through FortiSIEM in an OT network.
How do you view information presented in the exhibit and what does the FortiGate device security status tell you?
- A. In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
- B. In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.
- C. In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.
- D. In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.
正解:B
質問 # 29
Which three common breach points can be found in a typical OT environment? (Choose three.)
- A. RTU exploits
- B. VLAN exploits
- C. Black hat
- D. Hard hat
- E. Global hat
正解:A、C、D
質問 # 30
An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.
How can the OT network architect achieve this goal?
- A. Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.
- B. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.
- C. Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
- D. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.
正解:B
解説:
Explanation
This way, FortiSIEM can discover and monitor everything attached to the remote network and provide security visibility to the corporate network
質問 # 31
An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?
- A. By default, the industrial database is enabled.
- B. A supervisor can enable it through the FortiGate CLI.
- C. An administrator must create their own database using custom signatures.
- D. A supervisor must purchase an industrial signature database and import it to the FortiGate.
正解:B
質問 # 32
Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic?
(Choose three.)
- A. Destination defined as internet services in the firewall policy
- B. Source defined as internet services in the firewall policy
- C. Lowest to highest policy ID number
- D. Highest to lowest priority defined in the firewall policy
- E. Services defined in the firewall policy.
正解:A、D、E
解説:
Explanation
The three criteria that a FortiGate device can use to look for a matching firewall policy to process traffic are:
A: Services defined in the firewall policy - FortiGate devices can match firewall policies based on the services defined in the policy, such as HTTP, FTP, or DNS.
D: Destination defined as internet services in the firewall policy - FortiGate devices can also match firewall policies based on the destination of the traffic, including destination IP address, interface, or internet services.
E: Highest to lowest priority defined in the firewall policy - FortiGate devices can prioritize firewall policies based on the priority defined in the policy. The device will process traffic against the policy with the highest priority first and move down the list until it finds a matching policy.
質問 # 33
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)
- A. TACACS
- B. API
- C. RADIUS
- D. ICMP
- E. SNMP
正解:B、C、E
質問 # 34
An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted from credentials during authentication.
What is a possible reason?
- A. The user was determined by Security Fabric
- B. Two-factor authentication is not configured with RADIUS authentication method
- C. FortiNAC determined the user by DHCP fingerprint method
- D. FortiGate determined the user by passive authentication
正解:D
質問 # 35
The OT network analyst runs different level of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these type of exploits of image firmware files?
- A. CMDB reports
- B. Threat hunting reports
- C. OT/loT reports
- D. Compliance reports
正解:B
質問 # 36
......
Fortinet NSE7_OTS-7.2試験に備えるために、候補者はトレーニングコース、練習問題、スタディガイドなど、様々な学習リソースを活用することができます。Fortinetは、ホワイトペーパー、Webinar、ケーススタディなど、豊富な知識リソースも提供しており、試験に備えるための手助けとなります。
最新のNSE7_OTS-7.2試験問題集でFortinet試験が合格できます:https://jp.fast2test.com/NSE7_OTS-7.2-premium-file.html
合格できるFortinet NSE7_OTS-7.2のPDF問題集で最近更新された52問あります:https://drive.google.com/open?id=1lwwZIIoKGE9YaYNqKGQwKNT5Btyb6oUN