100% Free NSE7_OTS-6.4 Exam Dumps Use Real NSE 7 Network Security Architect Dumps With 37 Questions!
Pass Your NSE7_OTS-6.4 Exam Easily With 100% Exam Passing Guarantee [2023]
NEW QUESTION # 22
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?
- A. Under config user settings configure set auth-on-demand implicit.
- B. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
- C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
- D. Enable two-factor authentication with FSSO.
Answer: A
NEW QUESTION # 23
What two advantages does FortiNAC provide in the OT network? (Choose two.)
- A. It can be used for network micro-segmentation.
- B. It can be used for IoT device detection.
- C. It can be used for device profiling.
- D. It can be used for industrial intrusion detection and prevention.
Answer: B,C
Explanation:
Typically, in a microsegmented network, NGFWs are used in conjunction with VLANs to implement security policies and to inspect and filter network communications. Fortinet FortiSwitch and FortiGate NGFW offer an integrated approach to microsegmentation.
NEW QUESTION # 24
Refer to the exhibit.
Which statement about the interfaces shown in the exhibit is true?
- A. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains
- B. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
- C. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
- D. port1-vlan10 and port2-vlan10 are part of the same broadcast domain
Answer: A
NEW QUESTION # 25
Refer to the exhibit.
Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)
- A. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
- B. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
- C. IT and OT networks are separated by segmentation.
- D. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.
Answer: B,C
NEW QUESTION # 26
An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted from credentials during authentication.
What is a possible reason?
- A. FortiGate determined the user by passive authentication
- B. The user was determined by Security Fabric
- C. FortiNAC determined the user by DHCP fingerprint method
- D. Two-factor authentication is not configured with RADIUS authentication method
Answer: A
NEW QUESTION # 27
When you create a user or host profile, which three criteria can you use? (Choose three.)
- A. An existing access control policy
- B. Host or user attributes
- C. Host or user group memberships
- D. Administrative group membership
- E. Location
Answer: B,C,E
NEW QUESTION # 28
An OT network administrator is trying to implement active authentication.
Which two methods should the administrator use to achieve this? (Choose two.)
- A. FSSO authentication on FortiGate
- B. Role-based authentication on FortiNAC
- C. Local authentication on FortiGate
- D. Two-factor authentication on FortiAuthenticator
Answer: C,D
NEW QUESTION # 29
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.
What are two possible reasons why the report output was empty? (Choose two.)
- A. The administrator selected the wrong hcache table for the report.
- B. The administrator selected the wrong logs to be indexed in FortiAnalyzer.
- C. The administrator selected the wrong time period for the report.
- D. The administrator selected the wrong devices in the Devices section.
Answer: A,C
NEW QUESTION # 30
Refer to the exhibit.
An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)
- A. The FortiGate devices is in offline IDS mode.
- B. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
- C. Port5 is not a member of the software switch.
- D. The FortiGate-Edge device must be in NAT mode.
Answer: B,D
NEW QUESTION # 31
Refer to the exhibit.
An OT administrator ran a report to identify device inventory in an OT network.
Based on the report results, which report was run?
- A. A FortiSIEM incident report
- B. A FortiSIEM analytics report
- C. A FortiAnalyzer device report
- D. A FortiSIEM CMDB report
Answer: D
NEW QUESTION # 32
Refer to the exhibit.
You are navigating through FortiSIEM in an OT network.
How do you view information presented in the exhibit and what does the FortiGate device security status tell you?
- A. In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
- B. In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.
- C. In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.
- D. In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.
Answer: C
NEW QUESTION # 33
An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted from credentials during authentication.
What is a possible reason?
- A. FortiNAC determined the user by DHCP fingerprint method
- B. The user was determined by Security Fabric
- C. FortiGate determined the user by passive authentication
- D. Two-factor authentication is not configured with RADIUS authentication method
Answer: A
NEW QUESTION # 34
An OT network administrator is trying to implement active authentication.
Which two methods should the administrator use to achieve this? (Choose two.)
- A. FSSO authentication on FortiGate
- B. Local authentication on FortiGate
- C. Role-based authentication on FortiNAC
- D. Two-factor authentication on FortiAuthenticator
Answer: C,D
NEW QUESTION # 35
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?
- A. FortiNAC
- B. FortiSwitch
- C. FortiEDR
- D. FortiGate
Answer: D
Explanation:
An OT network architect can accomplish the goal of securing control area zones with a single network access policy to provision devices to any number of different networks on a FortiGate device.
NEW QUESTION # 36
What can be assigned using network access control policies?
- A. Logical networks
- B. Layer 3 polling intervals
- C. FortiNAC device polling methods
- D. Profiling rules
Answer: D
NEW QUESTION # 37
An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?
- A. By default, the industrial database is enabled.
- B. An administrator must create their own database using custom signatures.
- C. A supervisor can enable it through the FortiGate CLI.
- D. A supervisor must purchase an industrial signature database and import it to the FortiGate.
Answer: C
NEW QUESTION # 38
......
Study resources for the Valid NSE7_OTS-6.4 Braindumps: https://actualtorrent.realvce.com/NSE7_OTS-6.4-VCE-file.html