Pass Fortinet NSE7_OTS-6.4 With BraindumpsVCE Exam Dumps - Updated on Jan-2022
Fully Updated NSE7_OTS-6.4 Dumps - 100% Same Q&A In Your Real Exam
Fortinet NSE7_OTS-6.4 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION 20
Which three common breach points can be found in a typical OT environment? (Choose three.)
- A. Global hat
- B. RTU exploits
- C. Black hat
- D. VLAN exploits
- E. Hard hat
Answer: B,C,D
NEW QUESTION 21
Refer to the exhibit.
Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)
- A. IT and OT networks are separated by segmentation.
- B. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
- C. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.
- D. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
Answer: A,C
NEW QUESTION 22
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?
- A. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
- B. Under config user settings configure set auth-on-demand implicit.
- C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
- D. Enable two-factor authentication with FSSO.
Answer: B
NEW QUESTION 23
What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)
- A. Enhanced point of connection details
- B. Adapter consolidation for multi-adapter hosts
- C. Direct VLAN assignment
- D. Importation and classification of hosts
Answer: A,C
NEW QUESTION 24
What triggers Layer 2 polling of infrastructure devices connected in the network?
- A. A failed Layer 3 poll
- B. A matched profiling rule
- C. A matched security policy
- D. A linkup or linkdown trap
Answer: D
NEW QUESTION 25
Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)
- A. FortiAnalyzer
- B. FortiNAC
- C. FortiGate
- D. FortiSIEM
- E. FortiManager
Answer: A,B,D
NEW QUESTION 26
An OT administrator deployed many devices to secure the OT network. However, the SOC team is reporting that there are too many alerts, and that many of the alerts are false positive. The OT administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves time, and saves resources.
Which products should the administrator deploy to address these issues and automate most of the manual tasks done by the SOC team?
- A. FortiSIEM and FortiManager
- B. A syslog server and FortiSIEM
- C. FortiSandbox and FortiSIEM
- D. FortiSOAR and FortiSIEM
Answer: D
NEW QUESTION 27
When you create a user or host profile, which three criteria can you use? (Choose three.)
- A. Host or user attributes
- B. Host or user group memberships
- C. Administrative group membership
- D. Location
- E. An existing access control policy
Answer: A,B,D
NEW QUESTION 28
What can be assigned using network access control policies?
- A. Logical networks
- B. Profiling rules
- C. FortiNAC device polling methods
- D. Layer 3 polling intervals
Answer: B
NEW QUESTION 29
What two advantages does FortiNAC provide in the OT network? (Choose two.)
- A. It can be used for network micro-segmentation.
- B. It can be used for device profiling.
- C. It can be used for industrial intrusion detection and prevention.
- D. It can be used for IoT device detection.
Answer: A,B
NEW QUESTION 30
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?
- A. FortiNAC
- B. FortiEDR
- C. FortiSwitch
- D. FortiGate
Answer: A
NEW QUESTION 31
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.
What are two possible reasons why the report output was empty? (Choose two.)
- A. The administrator selected the wrong time period for the report.
- B. The administrator selected the wrong hcache table for the report.
- C. The administrator selected the wrong devices in the Devices section.
- D. The administrator selected the wrong logs to be indexed in FortiAnalyzer.
Answer: A,B
NEW QUESTION 32
An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?
- A. An administrator must create their own database using custom signatures.
- B. A supervisor can enable it through the FortiGate CLI.
- C. A supervisor must purchase an industrial signature database and import it to the FortiGate.
- D. By default, the industrial database is enabled.
Answer: B
NEW QUESTION 33
Refer to the exhibit.
Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)
- A. FortiNAC for network access control
- B. FortiEDR for endpoint detection
- C. FortiGate for application control and IPS
- D. FortiGate for SD-WAN
- E. FortiSIEM for security incident and event management
Answer: A,C,E
NEW QUESTION 34
......
Latest NSE7_OTS-6.4 Exam Dumps - Valid and Updated Dumps: https://freetorrent.braindumpsvce.com/NSE7_OTS-6.4_exam-dumps-torrent.html