検証済みNSE7_OTS-6.4問題集PDF資料 [2022]
最新のNSE7_OTS-6.4実際の無料試験問題更新された36問あります
質問 14
Refer to the exhibit, which shows a non-protected OT environment.
An administrator needs to implement proper protection on the OT network.
Which three steps should an administrator take to protect the OT network? (Choose three.)
- A. Configure firewall policies with industrial protocol sensors
- B. Deploy a FortiGate device within each ICS network.
- C. Use segmentation
- D. Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.
- E. Configure firewall policies with web filter to protect the different ICS networks.
正解: A,D,E
質問 15
As an OT administrator, it is important to understand how industrial protocols work in an OT network.
Which communication method is used by the Modbus protocol?
- A. It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.
- B. It uses OSI Layer 2 and the secondary device sends data based on request from primary device.
- C. It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.
- D. It uses OSI Layer 2 and the primary device sends data based on request from secondary device.
正解: B
質問 16
Refer to the exhibit.
An OT administrator ran a report to identify device inventory in an OT network.
Based on the report results, which report was run?
- A. A FortiSIEM analytics report
- B. A FortiSIEM incident report
- C. A FortiSIEM CMDB report
- D. A FortiAnalyzer device report
正解: C
質問 17
An OT administrator deployed many devices to secure the OT network. However, the SOC team is reporting that there are too many alerts, and that many of the alerts are false positive. The OT administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves time, and saves resources.
Which products should the administrator deploy to address these issues and automate most of the manual tasks done by the SOC team?
- A. A syslog server and FortiSIEM
- B. FortiSIEM and FortiManager
- C. FortiSOAR and FortiSIEM
- D. FortiSandbox and FortiSIEM
正解: C
質問 18
An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?
- A. A supervisor must purchase an industrial signature database and import it to the FortiGate.
- B. A supervisor can enable it through the FortiGate CLI.
- C. An administrator must create their own database using custom signatures.
- D. By default, the industrial database is enabled.
正解: B
質問 19
An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?
- A. Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
- B. Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
- C. Create a notification policy and define a script/remediation on FortiSIEM.
- D. Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.
正解: A
質問 20
An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.
How can the OT network architect achieve this goal?
- A. Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
- B. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.
- C. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.
- D. Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.
正解: A
質問 21
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?
- A. Under config user settings configure set auth-on-demand implicit.
- B. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
- C. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
- D. Enable two-factor authentication with FSSO.
正解: A
質問 22
What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)
- A. Enhanced point of connection details
- B. Direct VLAN assignment
- C. Adapter consolidation for multi-adapter hosts
- D. Importation and classification of hosts
正解: A,B
質問 23
What two advantages does FortiNAC provide in the OT network? (Choose two.)
- A. It can be used for device profiling.
- B. It can be used for industrial intrusion detection and prevention.
- C. It can be used for IoT device detection.
- D. It can be used for network micro-segmentation.
正解: A,D
質問 24
When you create a user or host profile, which three criteria can you use? (Choose three.)
- A. Location
- B. Host or user attributes
- C. An existing access control policy
- D. Administrative group membership
- E. Host or user group memberships
正解: A,B,E
質問 25
Refer to the exhibit.
You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?
- A. You must register the same FortiToken on more than one FortiGate.
- B. You must use the user self-registration server.
- C. You must use a FortiAuthenticator.
- D. You must use a third-party RADIUS OTP server.
正解: C
質問 26
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)
- A. SNMP
- B. ICMP
- C. RADIUS
- D. API
- E. TACACS
正解: A,C,D
質問 27
What can be assigned using network access control policies?
- A. Logical networks
- B. Profiling rules
- C. FortiNAC device polling methods
- D. Layer 3 polling intervals
正解: B
質問 28
......
NSE7_OTS-6.4認定概要最新のNSE7_OTS-6.4PDF問題集はこちら:https://jp.fast2test.com/NSE7_OTS-6.4-premium-file.html
無料NSE7_OTS-6.4試験ブレーン問題集認定ガイド問題と解答:https://drive.google.com/open?id=1cprfWmZ0Y1r0EYXrzBmfBLRcoe4vudBh