Summer Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Login / Register

Question # 4

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

A.

Planning a threat hunting strategy

B.

Implementing strategies to automatically bring PLCs offline

C.

Creating disaster recovery plans to switch operations to a backup plant

D.

Evaluating what can go wrong before it happens

Full Access
Question # 5

When you create a user or host profile, which three criteria can you use? (Choose three.)

A.

Host or user group memberships

B.

Administrative group membership

C.

An existing access control policy

D.

Location

E.

Host or user attributes

Full Access
Question # 6

Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

A.

FortiGate is configured with forward-domains to reduce unnecessary traffic.

B.

FortiGate is configured with forward-domains to forward only domain controller traffic.

C.

FortiGate is configured with forward-domains to forward only company domain website traffic.

D.

FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

Full Access
Question # 7

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.

Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources.

As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

A.

Configure outbound security policies with limited active authentication users of the third-party company.

B.

Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.

C.

Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.

D.

Implement an additional firewall using an additional upstream link to the internet.

Full Access
Question # 8

As an OT network administrator you are managing three FortiGate devices that each protect different levels on the Purdue model To increase traffic visibility you are required to implement additional security measures to detect protocols from PLCs

Which security sensor must you implement to detect protocols on the OT network?

A.

Endpoint Detection and Response (EDR)

B.

Deep packet inspection (DPI)

C.

Intrusion prevention system (IPS)

D.

Application control (AC)

Full Access
Question # 9

Which three Fortinet products can you use for device identification in an OT industrial control system (ICS)? (Choose three.)

A.

FortiSIEM

B.

FortiManager

C.

FortiAnalyzer

D.

FortiGate

E.

FortiNAC

Full Access
Question # 10

An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.

What are two possible reasons why the report output was empty? (Choose two.)

A.

The administrator selected the wrong logs to be indexed in FortiAnalyzer.

B.

The administrator selected the wrong time period for the report.

C.

The administrator selected the wrong devices in the Devices section.

D.

The administrator selected the wrong hcache table for the report.

Full Access
Question # 11

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

A.

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

B.

Deploy a FortiGate device within each ICS network.

C.

Configure firewall policies with web filter to protect the different ICS networks.

D.

Configure firewall policies with industrial protocol sensors

E.

Use segmentation

Full Access
Question # 12

An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.

On which device can this be accomplished?

A.

FortiGate

B.

FortiEDR

C.

FortiSwitch

D.

FortiNAC

Full Access
Question # 13

Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.

Which statement about the topology is true?

A.

PLCs use IEEE802.1Q protocol to communicate each other.

B.

An administrator can create firewall policies in the switch to secure between PLCs.

C.

This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

D.

There is no micro-segmentation in this topology.

Full Access
Question # 14

Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is designed to defend against intentional attacks?

A.

Users with access to moderate resources

B.

Users with low access to resources

C.

Users with unintentional operator error

D.

Users with substantial resources

Full Access
Question # 15

Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)

A.

SNMP

B.

ICMP

C.

API

D.

RADIUS

E.

TACACS

Full Access
Question # 16

When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

A.

Known trusted devices, each time they change location

B.

All connected devices, each time they connect

C.

Rogue devices, only when they connect for the first time

D.

Rogue devices, each time they connect

Full Access
Question # 17

Which three common breach points can be found in a typical OT environment? (Choose three.)

A.

Global hat

B.

Hard hat

C.

VLAN exploits

D.

Black hat

E.

RTU exploits

Full Access
Question # 18

Refer to the exhibit.

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

A.

Set a unique forward domain on each interface on the network.

B.

Set FortiGate to operate in transparent mode.

C.

Set a software switch on FortiGate to handle inter-VLAN traffic.

D.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Full Access
Question # 19

An OT network administrator is trying to implement active authentication.

Which two methods should the administrator use to achieve this? (Choose two.)

A.

Two-factor authentication on FortiAuthenticator

B.

Role-based authentication on FortiNAC

C.

FSSO authentication on FortiGate

D.

Local authentication on FortiGate

Full Access
Question # 20

An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted from credentials during authentication.

What is a possible reason?

A.

FortiGate determined the user by passive authentication

B.

The user was determined by Security Fabric

C.

Two-factor authentication is not configured with RADIUS authentication method

D.

FortiNAC determined the user by DHCP fingerprint method

Full Access