[2024年01月06日] 無料NSE 7 Network Security Architect NSE7_OTS-6.4公式認定ガイドPDFダウンロード [Q11-Q36]

[2024年01月06日] 無料NSE 7 Network Security Architect NSE7_OTS-6.4公式認定ガイドPDFダウンロード

Fortinet NSE7_OTS-6.4公式認定ガイドPDF

Fortinet NSE7_OTS-6.4認定は、グローバルに認知され、業界で高く評価されています。この認定は、OTセキュリティ分野での専門知識やスキルを示すものであり、キャリアアップの機会を求める人にとって貴重な資産となります。また、この認定を取得することで、Fortinet認定プロフェッショナルのグローバルネットワークにアクセスできるため、知識の共有やキャリアの成長に役立ちます。

Fortinet NSE7_OTS-6.4認定試験は、ICSおよびSCADAネットワークアーキテクチャ、プロトコル、および技術を含むOTセキュリティに関連する幅広いトピックをカバーしています。試験はまた、OT環境に固有のセキュリティリスクと脆弱性の理解、およびそれらのリスクに対処するFortinetのセキュリティソリューションに関する知識を試験します。認定試験は、安全なOT環境を設計、実装、および管理するために必要なスキルと知識を候補者に提供することを意図しています。

 

質問 # 11
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?

• A. FortiNAC
• B. FortiEDR
• C. FortiSwitch
• D. FortiGate

正解：A

質問 # 12
Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

• A. FortiGate is configured with forward-domains to forward only company domain website traffic.
• B. FortiGate is configured with forward-domains to forward only domain controller traffic.
• C. FortiGate is configured with forward-domains to reduce unnecessary traffic.
• D. FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

正解：C

質問 # 13
Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.
Which three steps should an administrator take to protect the OT network? (Choose three.)

• A. Configure firewall policies with web filter to protect the different ICS networks.
• B. Use segmentation
• C. Deploy a FortiGate device within each ICS network.
• D. Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.
• E. Configure firewall policies with industrial protocol sensors

正解：A、D、E

質問 # 14
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?

• A. MAC notification traps
• B. RADIUS
• C. Link traps
• D. End station traffic monitoring

正解：B

解説：
FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients that authenticate through the RADIUS server.
Reference:
Fortinet NSE 7 - OT Security 6.4 Study Guide, Chapter 4: OT Security Devices, page 4-28.

質問 # 15
You are investigating a series of incidents that occurred in the OT network over past 24 hours in FortiSIEM.
Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)

• A. Risk
• B. IPS
• C. Security
• D. List
• E. Overview

正解：A、D、E

質問 # 16
An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.
How can the OT network architect achieve this goal?

• A. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.
• B. Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.
• C. Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
• D. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.

正解：C

質問 # 17
When you create a user or host profile, which three criteria can you use? (Choose three.)

• A. Host or user attributes
• B. Host or user group memberships
• C. An existing access control policy
• D. Location
• E. Administrative group membership

正解：A、B、D

解説：
https://docs.fortinet.com/document/fortinac/9.2.0/administration-guide/15797/user-host-profiles

質問 # 18
What triggers Layer 2 polling of infrastructure devices connected in the network?

• A. A matched profiling rule
• B. A matched security policy
• C. A linkup or linkdown trap
• D. A failed Layer 3 poll

正解：C

質問 # 19
Refer to the exhibit.

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?

• A. You must use a FortiAuthenticator.
• B. You must register the same FortiToken on more than one FortiGate.
• C. You must use a third-party RADIUS OTP server.
• D. You must use the user self-registration server.

正解：A

質問 # 20
Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

• A. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
• B. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
• C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain
• D. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

正解：D

質問 # 21
Refer to the exhibit.

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?

• A. You must use a FortiAuthenticator.
• B. You must register the same FortiToken on more than one FortiGate.
• C. You must use a third-party RADIUS OTP server.
• D. You must use the user self-registration server.

正解：A

質問 # 22
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

• A. Enable two-factor authentication with FSSO.
• B. Under config user settings configure set auth-on-demand implicit.
• C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
• D. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.

正解：C

解説：
The OT supervisor should configure a firewall policy with FSSO users and place it on the top of list of firewall policies in order to achieve the goal of authenticating users against passive authentication first and, if passive authentication is not successful, then challenging them with active authentication.

質問 # 23
Refer to the exhibit.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

• A. IT and OT networks are separated by segmentation.
• B. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
• C. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
• D. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.

正解：A、C

質問 # 24
Refer to the exhibit and analyze the output.

Which statement about the output is true?

• A. This is a sample of a FortiAnalyzer system interface event log.
• B. This is a sample of an SNMP temperature control event log.
• C. This is a sample of a PAM event type.
• D. This is a sample of FortiGate interface statistics.

正解：A

質問 # 25
What two advantages does FortiNAC provide in the OT network? (Choose two.)

• A. It can be used for industrial intrusion detection and prevention.
• B. It can be used for network micro-segmentation.
• C. It can be used for IoT device detection.
• D. It can be used for device profiling.

正解：C、D

解説：
Typically, in a microsegmented network, NGFWs are used in conjunction with VLANs to implement security policies and to inspect and filter network communications. Fortinet FortiSwitch and FortiGate NGFW offer an integrated approach to microsegmentation.

質問 # 26
What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

• A. Direct VLAN assignment
• B. Enhanced point of connection details
• C. Importation and classification of hosts
• D. Adapter consolidation for multi-adapter hosts

正解：B、C

解説：
The two benefits of a Nozomi integration with FortiNAC are enhanced point of connection details and importation and classification of hosts. Enhanced point of connection details allows for the identification and separation of traffic from multiple points of connection, such as Wi-Fi, wired, cellular, and VPN. Importation and classification of hosts allows for the automated importing and classification of host and device information into FortiNAC. This allows for better visibility and control of the network.

質問 # 27
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?

• A. FortiNAC
• B. FortiEDR
• C. FortiGate
• D. FortiSwitch

正解：C

解説：
An OT network architect can accomplish the goal of securing control area zones with a single network access policy to provision devices to any number of different networks on a FortiGate device.

質問 # 28
An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.
Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

• A. You cannot use Windows and Linux hosts security events with FortiSoC.
• B. Each playbook can include multiple triggers.
• C. You can automate SOC tasks through playbooks.
• D. You must set correct operator in event handler to trigger an event.

正解：B、C

解説：
Ref: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/268882/fortisoc

質問 # 29
Refer to the exhibit.

An OT administrator ran a report to identify device inventory in an OT network.
Based on the report results, which report was run?

• A. A FortiSIEM analytics report
• B. A FortiSIEM CMDB report
• C. A FortiAnalyzer device report
• D. A FortiSIEM incident report

正解：B

質問 # 30
Refer to the exhibit.

An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

• A. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
• B. Port5 is not a member of the software switch.
• C. The FortiGate devices is in offline IDS mode.
• D. The FortiGate-Edge device must be in NAT mode.

正解：C、D

質問 # 31
Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.
Which statement about the topology is true?

• A. An administrator can create firewall policies in the switch to secure between PLCs.
• B. This integration solution expands VLAN capabilities from Layer 2 to Layer 3.
• C. PLCs use IEEE802.1Q protocol to communicate each other.
• D. There is no micro-segmentation in this topology.

正解：D

質問 # 32
Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

• A. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
• B. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
• C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain
• D. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

正解：D

質問 # 33
Refer to the exhibit.

An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

• A. The FortiGate devices is in offline IDS mode.
• B. Port5 is not a member of the software switch.
• C. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
• D. The FortiGate-Edge device must be in NAT mode.

正解：C、D

質問 # 34
Which three common breach points can be found in a typical OT environment? (Choose three.)

• A. Global hat
• B. Black hat
• C. VLAN exploits
• D. Hard hat
• E. RTU exploits

正解：B、D、E

質問 # 35
An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?

• A. A supervisor can enable it through the FortiGate CLI.
• B. By default, the industrial database is enabled.
• C. An administrator must create their own database using custom signatures.
• D. A supervisor must purchase an industrial signature database and import it to the FortiGate.

正解：A

質問 # 36
......

無料NSE7_OTS-6.4試験問題集試験点数を伸ばそう：https://www.jpntest.com/shiken/NSE7_OTS-6.4-mondaishu