The correct answer is C. EtherCAT .

The study guide states that for industrial Ethernet protocols, “such as Ethernet/IP and Modbus/TCP, you can use VLANs to segment your physical LAN into multiple logical LANs.” This directly confirms that Ethernet/IP and Modbus/TCP support VLAN-based segmentation in the OT context.

By contrast, the guide explains that “EtherCAT skips layers 3 to 6 to deliver real-time communication” and describes it as an “Open-Software Modified-Ethernet” approach. Because it does not operate like the standard Ethernet/IP model used for normal VLAN-based segmentation, EtherCAT is the protocol identified here as not supporting VLANs in the way Ethernet/IP and Modbus/TCP do.

So, based on the study guide comparison, the verified answer is EtherCAT .

The correct answer is C. The output of the CLI command get rule otvp status . In the Virtual Patching section, the study guide shows the workflow where FortiGate queries FortiGuard for device-specific vulnerabilities, receives OT virtual patching signatures, maps them to the device MAC address, and then explicitly displays the CLI verification command get rule otvp status together with fields such as Rule-name , Vuln_type , and Cve . This is the direct confirmation mechanism shown in the guide for checking whether OT devices have virtual patching rules associated with them.

The other options are less accurate for confirmation. The OT View page is for Purdue-level visualization, and the Asset Identity List page shows device and asset information, but neither is presented in the guide as the command or control used to verify virtual patching status. The study guide specifically uses get rule otvp status as the status check tied to virtual patching behavior.

The correct answers are B. Real-time control and D. Determinism . The study guide defines industrial Ethernet as the “use of Ethernet and TCP/IP as transport mechanisms for industrial protocols” and states that it provides “real-time control,” “low latency,” and “determinism (meaning reliable and predictable data delivery)” in harsh environments. It further explains that industrial Ethernet “provides deterministic communication between machine controllers, actuators, sensors, and other units.” These statements directly confirm that the two key advantages are real-time control and determinism.

The other options are not supported by the study guide as core advantages of industrial Ethernet. Encryption is not listed as one of the benefits in this section, and remote access is discussed elsewhere in the OT architecture but not as a defining advantage of industrial Ethernet itself. The guide is explicit that the main benefits here are predictable delivery and real-time communication, which are essential in industrial control environments where timing and reliability matter.

The correct answer is C. Industrial Control System (ICS) . The study guide states that “ICS is a main component of OT” and “consists of systems used for monitoring and controlling industrial processes.” It also explains that ICS includes various devices, systems, controls, and networks that manage industrial processes, and that the most common types are SCADA and distributed control systems (DCS) . This makes ICS the primary OT component for monitoring and controlling industrial processes.

The other options are related OT components, but they are not the best answer to this wording. SCADA collects real-time data and helps visualize and control the OT environment, but it is described as a system within the broader ICS structure. PLC devices collect and transmit real-time data and connect sensors and RTUs to SCADA, while IIoT refers to sensors, actuators, and other connected field devices. Therefore, the overarching main OT component for monitoring and controlling industrial processes is ICS .

The correct answer is A . The study guide states that “The OT view is not available by default. You must enable it in the Feature Visibility section of the GUI or using the CLI command shown on this slide” and shows config system settings → set gui-ot enable . It also says that “After you enable the feature, the Asset Identity Center contains an Asset Identity List tab and an OT View tab.” This directly explains why the OT View tab is missing: the feature that enables the Purdue-style OT display has not been enabled yet.

The OT View is the view that displays devices in a Purdue diagram , and the Asset Identity List also shows the current Purdue level for each device. Because the answer options do not explicitly say enable OT View in Feature Visibility , option A is the intended match, since it refers to enabling the Purdue-related OT display feature. Option B is incorrect because device detection affects visibility of devices, not whether the OT View tab exists. Option C is not supported by the study guide, and option D is also not given as the requirement for showing the OT View tab.

The correct answers are B and D .

Option B is correct because the profile has Medium , High , and Critical selected, while Low severity is not selected. That means low-severity virtual patching signatures are not enforced by this profile. So for the device with MAC address 12:12:12:12:12 , low-severity signatures are not blocked. The study guide explains virtual patching as device-specific protection where “FortiGate caches the signatures and mitigation rules that apply to each device” and applies them when the related traffic matches the firewall policy.

Option D is correct because the Virtual Patching Exemptions table shows a row with the MAC address 11:11:11:11:11 and no specific signature listed. The study guide states that in the Virtual Patching profile you can “Exempt a specific device with the MAC address or a specific signature.” A MAC-only exemption means that specific device is excluded from virtual patching enforcement, so in practical terms it is treated as having no applicable vulnerabilities in this profile.

Option C is incorrect because the profile does not block critical signatures for all devices. The exemptions list proves that at least one device can be excluded by MAC address, and a specific signature can also be exempted. Therefore, enforcement is not universal across all devices.

Option A is incorrect because the entry Schneider.Electric.ClearSCADA.HTTP.Interface.XSS appears as a specific signature exemption , not as the only remaining vulnerability. The profile display is showing exemptions, not a statement that only one vulnerability is still present.

Deploying a FortiGate in offline IDS (also known as one-arm sniffer mode) is a common strategy in OT environments for several reasons found in the study guide:

Priority of Availability : In OT, availability and safety are critically important and prioritized higher than in IT. An offline IDS minimizes impact because it does not sit in the direct path of production traffic.

Network Sensor Role : In this mode, the FortiGate is connected to a mirror/SPAN port on a switch. It acts as a network sensor , receiving a copy of the traffic rather than having the traffic flow through it. This confirms Statement A is correct and Statement D is incorrect.

Passive vs. Active : The guide explicitly states that in OT environments, passive methods are preferred over active methods to avoid negatively impacting performance or causing process interruptions.

Depth of Visibility : Even though the device is offline, you apply security profiles (such as IPS, Application Control, and Antivirus) to the sniffer interface. This allows the FortiGate to analyze the copied traffic and provide deep visibility into the OT assets and their behaviors. This confirms Statement B is correct.

Detection vs. Prevention : An IDS (Intrusion Detection System) is passive ; it can detect threats but cannot reset connections or drop packets to block attacks. Therefore, it cannot block zero-day attacks, making Statement C incorrect.