● NSE 6 - OT Security 7.2 Architect Exam Materials
Please note that the exam "NSE 6 - OT Security 7.2 Architect" is no longer offered by Fortinet and is not available for booking through Pearson VUE, so we opened it on free view,
It has been replaced by the exam "NSE 6 - OT Security 7.6 Architect"
The new exam version is available on Brave-Dumps and can be purchased.
It has been replaced by the exam "NSE 6 - OT Security 7.6 Architect"
The new exam version is available on Brave-Dumps and can be purchased.
Question #71
Question #72
As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect protocols from PLCs.
Which security sensor must you implement to detect protocols on the OT network?
(Choose one answer)
- A. Antivirusinspection
- B. Intrusion prevention system (IPS)
- C. Application control
- D. Deep packet inspection (DPI)
Question #73
Which statement is true about incidents triggered by the rules on FortiSIEM? (Choose one answer)
- A. Email notifications are always sent whether an existing incident is in place or for new incidents.
- B. Previous incidents cannot continue to reference new incidents of the same trigger or event.
- C. Incidents can reference to different IDs.
- D. Collects information and other incident related information.
Question #74
Why would an administrator configure multiple programmable logic controllers (PLCs) and remote terminal units (RTUs) to send log messages to FortiAnalyzer for processing? (Choose one answer)
- A. To help OT administrators troubleshoot and diagnose the OT network.
- B. To determine which type of messages from the PLC or RTU causes issues in the plant.
- C. To isolate PLCs or RTUs in the event of external attacks.
- D. To track external threats and prevent them attacking the OT network.
Question #75
Refer to the exhibit.
A FortiGate device is deployed as the secure gateway of the OT network. To protect the low level of ICS networks, downstream FortiGate devices are deployed in the control area zone.
What additional steps as an OT network architect you can implement to provide extra security to the process layer?
(Choose two answers)
- A. Enforce communication between hosts of the same VLAN subnet
- B. Implement micro-segmentation on each ICS network
- C. Configure one forward domain on all interfaces
- D. Manage traffic flows with firewall policies
Question #76
Which statement about how FortiNAC re-evaluates previously profiled devices is true? (Choose one answer)
- A. FortiNAC remembers the matching rule of the rogue device.
- B. FortiNAC considers rogue devices as known endpoints.
- C. FortiNAC matches the rogue device with only one device profiling rule.
- D. FortiNAC detects rogue devices by the IP address.
Question #77
Which two of the following features do most industrial protocols lack? (Choose two answers)
- A. Authentication
- B. Deterministic timing
- C. TLS encryption
- D. Real-time data exchange
Question #78
Refer to the exhibit.
Based on the topology designed by the operational technology (OT) architect, which two statements about implementing OT security are true?
(Choose two answers)
- A. Industrial control system (ICS) networks are defined as layer 2 VLAN networks.
- B. FortiGate-A protects the IT network.
- C. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
- D. IT and OT networks are separated by segmentation.
Question #79
Refer to the exhibit.
In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.
What can be done to improve the security in this situation?
(Choose one answer)
- A. Implement micro-segmentation.
- B. Create firewall policies in the switch to secure traffic between PLCs.
- C. Configure PLCs to use the IEEE802.1Q protocol to communicate with each other.
- D. Implement a solution that expands VLAN capabilities from Layer 2 to Layer 3.
Question #80
Refer to the exhibit.
You need to configure VPN user access for supervisors at the branch and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?
(Choose one answer)
- A. Deploy FortiAuthenticator.
- B. Direct users to the self-registration server portal.
- C. Import the FortiToken on each FortiGate.
- D. Use a RADIUS OTP server.
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.
What statement about the traffic between PLC1 and PLC2 is true? (Choose one answer)