Page: 1
/ 6
Total 29 questions
Refer to the exhibit.
The IPS profile is added on all of the security policies on FortiGate.
For an OT network, which statement of the IPS profile is true?
- A. FortiGate has no IPS industrial signature database enabled.
- B. The listed IPS signatures are classified as SCADA applications.
- C. All IPS signatures are overridden and must block traffic match signature patterns.
- D. The IPS profile inspects only traffic originating from SCADA equipment.
Answer : B
Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)
- A. Network traffic goes through FortiGate.
- B. Network attacks can be detected and blocked.
- C. FortiGate acts as network sensor.
- D. FortiGate receives traffic from configured port mirroring.
Answer : CD
Refer to the exhibit.
A new operational technology rule is being created to monitor Modbus protocol traffic on FortiSIEM.
Which action will ensure all Modbus messages on the network match the rule?
- A. Set the Aggregate attribute value to equal to or greater than zero.
- B. Add a new condition to filter Modbus traffic based on the Source TCP/UDP port.
- C. This rule is valid and requires no additional changes.
- D. Remove attributes in the Group By section that are not configured in the Filter section.
Answer : B
As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect protocols from PLCs.
Which security sensor must you implement to detect protocols on the OT network?
- A. Antivirusinspection
- B. Intrusion prevention system (IPS)
- C. Application control
- D. Deep packet inspection (DPI)
Answer : B
31 days access 