What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)
- A . Enhanced point of connection details
- B . Direct VLAN assignment
- C . Adapter consolidation for multi-adapter hosts
- D . Importation and classification of hosts
C, D
Explanation:
The two benefits of a Nozomi integration with FortiNAC are enhanced point of connection details and importation and classification of hosts. Enhanced point of connection details allows for the identification and separation of traffic from multiple points of connection, such as Wi-Fi, wired, cellular, and VPN. Importation and classification of hosts allows for the automated importing and classification of host and device information into FortiNAC. This allows for better visibility and control of the network.
Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)
- A . Services defined in the firewall policy.
- B . Source defined as internet services in the firewall policy
- C . Lowest to highest policy ID number
- D . Destination defined as internet services in the firewall policy
- E . Highest to lowest priority defined in the firewall policy
ADE
Explanation:
The three criteria that a FortiGate device can use to look for a matching firewall policy to process traffic are:
A) Services defined in the firewall policy – FortiGate devices can match firewall policies based on the
services defined in the policy, such as HTTP, FTP, or DNS.
D) Destination defined as internet services in the firewall policy – FortiGate devices can also match firewall policies based on the destination of the traffic, including destination IP address, interface, or internet services.
E) Highest to lowest priority defined in the firewall policy – FortiGate devices can prioritize firewall policies based on the priority defined in the policy. The device will process traffic against the policy with the highest priority first and move down the list until it finds a matching policy.
Reference: Fortinet NSE 7 – Enterprise Firewall 6.4 Study Guide, Chapter 4: Policy Implementation, page 4-18.
Refer to the exhibit and analyze the output.
Which statement about the output is true?
- A . This is a sample of a FortiAnalyzer system interface event log.
- B . This is a sample of an SNMP temperature control event log.
- C . This is a sample of a PAM event type.
- D . This is a sample of FortiGate interface statistics.
Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)
- A . FortiNAC
- B . FortiManager
- C . FortiAnalyzer
- D . FortiSIEM
- E . FortiGate
ADE
Explanation:
A) FortiNAC – FortiNAC is a network access control solution that provides visibility and control over network devices. It can identify devices, enforce access policies, and automate threat response.
D) FortiSIEM – FortiSIEM is a security information and event management solution that can collect and analyze data from multiple sources, including network devices and servers. It can help identify potential security threats, as well as monitor compliance with security policies and regulations.
E) FortiAnalyzer – FortiAnalyzer is a central logging and reporting solution that collects and analyzes data from multiple sources, including FortiNAC and FortiSIEM. It can provide insights into network activity and help identify anomalies or security threats.
Reference: Fortinet NSE 7 – OT Security 6.4 Study Guide, Chapter 4: OT Security Devices, page 4-20.
Refer to the exhibit
In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.
Which statement about the topology is true?
- A . PLCs use IEEE802.1Q protocol to communicate each other.
- B . An administrator can create firewall policies in the switch to secure between PLCs.
- C . This integration solution expands VLAN capabilities from Layer 2 to Layer 3.
- D . There is no micro-segmentation in this topology.
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?
- A . RADIUS
- B . Link traps
- C . End station traffic monitoring
- D . MAC notification traps
A
Explanation:
FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients that authenticate through the RADIUS server.
Reference: Fortinet NSE 7 – OT Security 6.4 Study Guide, Chapter 4: OT Security Devices, page 4-28.
Which three common breach points can be found in a typical OT environment? (Choose three.)
- A . Global hat
- B . Hard hat
- C . VLAN exploits
- D . Black hat
- E . RTU exploits
Refer to the exhibit.
You are navigating through FortiSIEM in an OT network.
How do you view information presented in the exhibit and what does the FortiGate device security status tell you?
- A . In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
- B . In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.
- C . In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.
- D . In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.
An OT network administrator is trying to implement active authentication.
Which two methods should the administrator use to achieve this? (Choose two.)
- A . Two-factor authentication on FortiAuthenticator
- B . Role-based authentication on FortiNAC
- C . FSSO authentication on FortiGate
- D . Local authentication on FortiGate
Refer to the exhibit.
An OT administrator ran a report to identify device inventory in an OT network.
Based on the report results, which report was run?
- A . A FortiSIEM CMDB report
- B . A FortiAnalyzer device report
- C . A FortiSIEM incident report
- D . A FortiSIEM analytics report
An OT administrator deployed many devices to secure the OT network. However, the SOC team is reporting that there are too many alerts, and that many of the alerts are false positive. The OT administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves time, and saves resources.
Which products should the administrator deploy to address these issues and automate most of the manual tasks done by the SOC team?
- A . FortiSIEM and FortiManager
- B . FortiSandbox and FortiSIEM
- C . FortiSOAR and FortiSIEM
- D . A syslog server and FortiSIEM
Refer to the exhibit.
You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?
- A . You must use a FortiAuthenticator.
- B . You must register the same FortiToken on more than one FortiGate.
- C . You must use the user self-registration server.
- D . You must use a third-party RADIUS OTP server.
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?
- A . Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
- B . Enable two-factor authentication with FSSO.
- C . Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
- D . Under config user settings configure set auth-on-demand implicit.
C
Explanation:
The OT supervisor should configure a firewall policy with FSSO users and place it on the top of list of
firewall policies in order to achieve the goal of authenticating users against passive authentication first and, if passive authentication is not successful, then challenging them with active authentication.
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?
- A . FortiGate
- B . FortiEDR
- C . FortiSwitch
- D . FortiNAC
A
Explanation:
An OT network architect can accomplish the goal of securing control area zones with a single network access policy to provision devices to any number of different networks on a FortiGate device.
Refer to the exhibit.
Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)
- A . Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
- B . Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
- C . IT and OT networks are separated by segmentation.
- D . FortiGate-3 and FortiGate-4 devices must be in a transparent mode.
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)
- A . SNMP
- B . ICMP
- C . API
- D . RADIUS
- E . TACACS
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.
What statement about the traffic between PLC1 and PLC2 is true?
- A . The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.
- B . The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.
- C . PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
- D . In order to communicate, PLC1 must be in the same VLAN as PLC2.
C
Explanation:
The statement that is true about the traffic between PLC1 and PLC2 is that PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?
- A . Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
- B . Create a notification policy and define a script/remediation on FortiSIEM.
- C . Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
- D . Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.
B
Explanation:
https://fusecommunity.fortinet.com/blogs/silviu/2022/04/12/fortisiempublishingscript
When you create a user or host profile, which three criteria can you use? (Choose three.)
- A . Host or user group memberships
- B . Administrative group membership
- C . An existing access control policy
- D . Location
- E . Host or user attributes
A, D, E
Explanation:
https://docs.fortinet.com/document/fortinac/9.2.0/administration-guide/15797/user-host-profiles
Refer to the exhibit, which shows a non-protected OT environment.
An administrator needs to implement proper protection on the OT network.
Which three steps should an administrator take to protect the OT network? (Choose three.)
- A . Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.
- B . Deploy a FortiGate device within each ICS network.
- C . Configure firewall policies with web filter to protect the different ICS networks.
- D . Configure firewall policies with industrial protocol sensors
- E . Use segmentation