最新のNSE7_OTS-7.2的中関連問題 & 合格スムーズNSE7_OTS-7.2合格受験記 | 一生懸命にNSE7_OTS-7.2認定テキスト昇進の機会を得て仕事に就きたいと考えているなら、当社からNSE7_OTS-7.2学習問題を選択するのが最良の選択のチャンスになります。なぜなら、NSE7_OTS-7.2学習教材には、あなたが自分自身を改善し、他の人よりも優れたものにするのに役立つ十分な能力があるからです。当社のNSE7_OTS-7.2学習教材は、多くの人々が認定を取得し、夢を実現するのに役立ちました。また、当社のNSE7_OTS-7.2テストガイドに連絡する機会もあります。 Fortinet NSE 7 - OT Security 7.2 認定 NSE7_OTS-7.2 試験問題 (Q63-Q68):質問 # 63
Refer to the exhibit.
PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other.
Which two statements about the traffic between PCL-1 and PLC-2 are true? (Choose two.)
A. FGT-2 controls intra-VLAN traffic through firewall policies.
B. Micro-segmentation on FGT-2 prevents direct device-to-device communication.
C. Traffic must be inspected by FGT-EDGE in OT networks.
D. The switch on FGT-2 must be hardware to implement micro-segmentation.
正解:A、B
質問 # 64
Which three common breach points can be found in a typical OT environment? (Choose three.)
A. Global hat
B. Hard hat
C. Black hat
D. RTU exploits
E. VLAN exploits
正解:B、C、D
質問 # 65
Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)
A. Highest to lowest priority defined in the firewall policy
B. Destination defined as internet services in the firewall policy
C. Services defined in the firewall policy.
D. Source defined as internet services in the firewall policy
E. Lowest to highest policy ID number
正解:A、B、C
解説:
The three criteria that a FortiGate device can use to look for a matching firewall policy to process traffic are:
A) Services defined in the firewall policy - FortiGate devices can match firewall policies based on the services defined in the policy, such as HTTP, FTP, or DNS.
D) Destination defined as internet services in the firewall policy - FortiGate devices can also match firewall policies based on the destination of the traffic, including destination IP address, interface, or internet services.
E) Highest to lowest priority defined in the firewall policy - FortiGate devices can prioritize firewall policies based on the priority defined in the policy. The device will process traffic against the policy with the highest priority first and move down the list until it finds a matching policy.
質問 # 66
Refer to the exhibit. The FGT-Edge device is a VPN gateway that allows remote administrators access to the local ICS network. Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources.
What is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?
A. Implement an additional firewall using an additional upstream link to the internet.
B. Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.
C. Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.
D. Configure outbound security policies with limited active authentication users of the third-party company.
正解:C
解説:
By splitting the edge FortiGate into VDOMs, you isolate the third-party company in its own virtual firewall. That VDOM can have outbound internet policies without exposing or risking the ICS networks protected by the other VDOMs.
質問 # 67
Refer to the exhibit. The network topology in the exhibit shows FortiGate devices as well as FortiAnalyzer and FortiSIEM for the OT network.
Which two steps must you take to configure logging on the OT network'? (Choose two.)
A. Configure FortiSIEM to send logs and alerts to FortiAnalyzer.
B. Configure FortiGate to send logs to FortiAnalyzer and FortiSIEM.
C. Configure FortiGate and FortiAnalyzer to send industrial signature patterns to FortiSIEM.
D. Configure FortiAnalyzer to send security events to FortiSIEM.
正解:B、D
解説:
FortiGates must forward their logs directly to both FortiAnalyzer and FortiSIEM for storage and correlation. FortiAnalyzer then forwards relevant security events to FortiSIEM, enabling centralized analytics across OT devices.
