NSE7_OTS-6.4 Exam QuestionsBrowse all questions from this exam
Go to Exam

NSE7_OTS-6.4 Exam - Question 20

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

Show Answer
Correct Answer: BDE

To protect the OT network, the administrator should implement the following steps. First, deploy a FortiGate device within each ICS network to provide localized security controls and offer protection from threats that propagate within each network. Second, configure firewall policies with industrial protocol sensors to monitor and filter traffic specific to industrial protocols, thereby protecting against threats targeting these protocols. Finally, use segmentation to divide the network into smaller segments, which helps to contain and prevent the spread of threats and makes the network easier to manage and secure.

Discussion

7 comments
Sign in to comment
ali_redOptions: BDE
Oct 28, 2024

BDE for sure

pochmendozaOptions: BDE
May 13, 2024

This should be B, D, E from study guide, page 181

JbeaulieuOptions: BDE
Jun 12, 2024

study guide OT 6.4 , page 181

Net_Sec2Options: BDE
Jun 19, 2024

Explanation/Reference:studyguide_page181

cciesamOptions: BDE
Jul 27, 2024

Ans: BDE

SpippoloOptions: BDE
Aug 26, 2024

To protect the different IS environments and limit the propagation of attacks coming from IT to the different ICS networks or elements, segmentation is recommended. In this example, the FortiGate creates conduits that stop threats from propagating between ICS network 1 and ICS network 2. Expanding on this concept, by placing FortiGate devices at strategic points within the IS network itself, you can granularly segment different zones creating an extra layer of protection for the endpoints and controllers as well as protect the data flow and communications between them. FortiGate has specific ICS and SCADA-aware functionality, and can identify and police most of the common ICS and SCADA protocols. In parallel to this specific protocol support, additional vulnerability protection is provided for applications and devices from the major ICS manufacturers through a set of signatures.

Pledian
Dec 8, 2024

The correct answers are C, D, and E. A, B, and C are incorrect answers. A. Powering on the VM will not allow it to be live migrated to Clusters A and B. B. Disabling EVC will prevent the VM from being live migrated to Clusters A and B. C. Rebooting the VM will not allow it to be live migrated to Clusters A and B.