NSE7_OTS-6.4問題集を掴み取れ![最新2021]Fortinet試験合格させます [Q20-Q43]

Share

NSE7_OTS-6.4問題集を掴み取れ![最新2021]Fortinet試験合格させます

NSE7_OTS-6.4試験問題集PDF正確率保証と更新された問題


Fortinet NSE7_OTS-6.4 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • 産業用イーサネットプロトコルの説明
  • FortiSIEMのルールとインシデントの説明
トピック 2
  • OTネットワークの内部セグメンテーションの実装について説明する
  • 役割ベースの認証について説明する
トピック 3
  • 認証を適用してデバイスへのアクセスを制御します
  • 産業用プロトコルと署名を特定します
トピック 4
  • FortiAnalyzerとFortiSIEMを使用してレポートをカスタマイズおよび生成します
  • FortiAnalyzerとFortiSIEMを使用してログと監視を実装します

 

質問 20
When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

  • A. Rogue devices, each time they connect
  • B. All connected devices, each time they connect
  • C. Known trusted devices, each time they change location
  • D. Rogue devices, only when they connect for the first time

正解: D

 

質問 21
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.
What are two possible reasons why the report output was empty? (Choose two.)

  • A. The administrator selected the wrong hcache table for the report.
  • B. The administrator selected the wrong time period for the report.
  • C. The administrator selected the wrong devices in the Devices section.
  • D. The administrator selected the wrong logs to be indexed in FortiAnalyzer.

正解: A,B

 

質問 22
Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

  • A. FortiSIEM for security incident and event management
  • B. FortiGate for application control and IPS
  • C. FortiGate for SD-WAN
  • D. FortiEDR for endpoint detection
  • E. FortiNAC for network access control

正解: A,B,E

 

質問 23
Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.
Which statement about the topology is true?

  • A. There is no micro-segmentation in this topology.
  • B. PLCs use IEEE802.1Q protocol to communicate each other.
  • C. An administrator can create firewall policies in the switch to secure between PLCs.
  • D. This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

正解: A

 

質問 24
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

  • A. Under config user settings configure set auth-on-demand implicit.
  • B. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
  • C. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
  • D. Enable two-factor authentication with FSSO.

正解: A

 

質問 25
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.
What statement about the traffic between PLC1 and PLC2 is true?

  • A. The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.
  • B. PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
  • C. The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.
  • D. In order to communicate, PLC1 must be in the same VLAN as PLC2.

正解: B

 

質問 26
What can be assigned using network access control policies?

  • A. Logical networks
  • B. Profiling rules
  • C. FortiNAC device polling methods
  • D. Layer 3 polling intervals

正解: B

 

質問 27
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)

  • A. SNMP
  • B. ICMP
  • C. RADIUS
  • D. API
  • E. TACACS

正解: A,C,D

 

質問 28
Refer to the exhibit.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

  • A. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
  • B. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
  • C. IT and OT networks are separated by segmentation.
  • D. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.

正解: C,D

 

質問 29
Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

  • A. FortiGate is configured with forward-domains to forward only domain controller traffic.
  • B. FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.
  • C. FortiGate is configured with forward-domains to forward only company domain website traffic.
  • D. FortiGate is configured with forward-domains to reduce unnecessary traffic.

正解: D

 

質問 30
An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted from credentials during authentication.
What is a possible reason?

  • A. FortiGate determined the user by passive authentication
  • B. The user was determined by Security Fabric
  • C. FortiNAC determined the user by DHCP fingerprint method
  • D. Two-factor authentication is not configured with RADIUS authentication method

正解: C

 

質問 31
Refer to the exhibit.

An OT administrator ran a report to identify device inventory in an OT network.
Based on the report results, which report was run?

  • A. A FortiSIEM analytics report
  • B. A FortiSIEM incident report
  • C. A FortiSIEM CMDB report
  • D. A FortiAnalyzer device report

正解: C

 

質問 32
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?

  • A. FortiSwitch
  • B. FortiGate
  • C. FortiEDR
  • D. FortiNAC

正解: D

 

質問 33
Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)

  • A. Highest to lowest priority defined in the firewall policy
  • B. Source defined as internet services in the firewall policy
  • C. Services defined in the firewall policy.
  • D. Destination defined as internet services in the firewall policy
  • E. Lowest to highest policy ID number

正解: B,C,D

 

質問 34
......

最新をゲットせよ!NSE7_OTS-6.4認定練習テスト問題 試験問題集:https://jp.fast2test.com/NSE7_OTS-6.4-premium-file.html

合格させるNSE7_OTS-6.4試験にはリアルテストエンジンPDFには36問題あります:https://drive.google.com/open?id=1cprfWmZ0Y1r0EYXrzBmfBLRcoe4vudBh


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어