Professional Documents
Culture Documents
מתוקף OT Security 6.4 Sample Questions
מתוקף OT Security 6.4 Sample Questions
Question 1
Correct
1 points out of 1
Which three device profiling methods of FortiNAC are considered non-direct? (Choose three.)
Question 2
Correct
1 points out of 1
Question 3
Correct
1 points out of 1
Select one:
It can identify several endpoints with a single rule.
It creates a one-to-one association between a network access policy and a VLAN.
It simplifies network access policy management by reducing the number of policies needed.
It groups up to 10 VLANs into a single policy.
1 of 4 10/23/2022, 10:50 AM
OT Security 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=12373462&...
Question 4
Correct
1 points out of 1
A supervisor is configuring an application filter sensor to block Modbus traffic between PLC-1 and PLC-2. When creating a new application
sensor, the supervisor is not able see any industrial signatures.
Which change must the supervisor must make in order to see all the industrial signatures in the application filter?
Select one:
The supervisor must contact the FortiGuard team to collect the industrial signature database.
The supervisor must configure exclude-signatures to none.
The supervisor must enable the FortiGuard industrial signatures under config system global.
The supervisor must generate some Modbus logs in order to see the Modbus signatures.
Question 5
Correct
1 points out of 1
What is the main difference between real-time logs and historical logs on FortiAnalyzer?
Select one:
Real-time logs are indexed in the SQL database, but historical logs are not.
Historical logs are compressed and real-time logs are indexed in the SQL database.
Historical logs are indexed in the SQL database, but real-time logs are not.
Real-time logs are indexed while historical logs are compressed in the SQL database.
Question 6
Correct
1 points out of 1
An OT customer is using multiple FortiGate devices in their network to implement two-factor authentication with hardware FortiTokens. A
supervisor is carrying multiple FortiTokens to be used when logging in to a critical server behind different FortiGate devices.
As an OT network architect, which approach must you take in order to assign one token per user and still use two-factor authentication on
multiple FortiGate devices?
Select one:
Configure FSSO-based two-factor authentication.
Implement FortiAuthenticator with FortiTokens provisioned for each user, and configure FortiAuthenticator as remote authentication
server on all FortiGate devices in the OT network.
Provision the Edge-FortiGate device with all the FortiTokens and configure it as a remote authentication server on other FortiGate devices.
Implement a FortiManager and manage all FortiGate devices in the OT network to share the FortiTokens database.
Question 7
Correct
1 points out of 1
2 of 4 10/23/2022, 10:50 AM
OT Security 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=12373462&...
Which deployment option allows an administrator to detect intrusions without any modifications to production traffic?
Select one:
Offline IDS
Inline IPS and IDS
Virtual patching
Offline IPS
Question 8
Correct
1 points out of 1
An administrator needs to group FortiGate wireless interfaces in NAT mode with multiple physical interfaces.
What interface type must the administrator select to group multiple FortiGate interfaces with the wireless interface?
Select one:
VLAN interface
Redundant interface
Aggregate interface
Software switch interface
Question 9
Correct
1 points out of 1
A supervisor is configuring a software switch on a FortiGate device. What must the supervisor configure on FortiGate to control the traffic
between member interfaces on the software switch, using firewall policies?
Select one:
The supervisor must add different VLAN interfaces to the software switch.
The supervisor must configure the software switch with at least one wireless interface and one VLAN interface.
The supervisor must configure a separate forward domain for the software switch.
The supervisor must configure intra-switch-policy to explicit.
Question 10
Correct
1 points out of 1
Select one:
UDP port500
TCP port502
TCP port214
TCP port443
3 of 4 10/23/2022, 10:50 AM
OT Security 6.4 Sample Questions: Attempt review https://training.fortinet.com/mod/quiz/review.php?attempt=12373462&...
Question 11
Correct
1 points out of 1
Which three protocols are used as industrial Ethernet protocols? (Choose three.)
4 of 4 10/23/2022, 10:50 AM