Get Fortinet NSE6_OTS_AR-7.6 Exam Practice Questions - Real and Updated

Answer : D

The correct answer is D. You can configure forward domain IDs for each network. The study guide explains that in FortiGate transparent mode, ''all interfaces belong to the same broadcast domain, even interfaces with different VLAN IDs'' and then states that you should ''use this command to subdivide into multiple broadcast domains'' with set forward-domain <domain_ID>. It further explains that ''interfaces with the same domain ID belong to the same broadcast domain'' and ''traffic arriving on one interface is broadcast only to interfaces in the same forward domain ID.'' This is exactly the mechanism used to separate one internal network from another and improve segmentation.

The other options do not match this requirement. Universal ZTNA is described as controlling user access to applications, not segmenting two internal OT networks. An explicit software switch is for controlling intra-switch or intra-VLAN traffic inside the same software switch broadcast domain, which is more aligned with microsegmentation than separating two routed internal networks. One traffic VDOM does not create segmentation by itself; segmentation with VDOMs requires multiple VDOMs, not one. Therefore, the best choice for segmenting network 1 and network 2 in this scenario is to assign separate forward domain IDs.

Answer : C

The correct answer is C. Industrial Control System (ICS). The study guide states that ''ICS is a main component of OT'' and ''consists of systems used for monitoring and controlling industrial processes.'' It also explains that ICS includes various devices, systems, controls, and networks that manage industrial processes, and that the most common types are SCADA and distributed control systems (DCS). This makes ICS the primary OT component for monitoring and controlling industrial processes.

The other options are related OT components, but they are not the best answer to this wording. SCADA collects real-time data and helps visualize and control the OT environment, but it is described as a system within the broader ICS structure. PLC devices collect and transmit real-time data and connect sensors and RTUs to SCADA, while IIoT refers to sensors, actuators, and other connected field devices. Therefore, the overarching main OT component for monitoring and controlling industrial processes is ICS.

Answer : A, C

The correct answers are A and C. The study guide explains that ''You can use application control signatures to detect OT protocols'' and that application control provides ''granular message type identification.'' In the exhibit, the Operational Technology application category is included in the Application Sensor profile, so OT application signatures are enabled in this profile.

Option C is also correct because the override table shows Modbus_Read.Holding.Registers = Allow and Modbus = Block. The study guide states that you can use specific granular application control signatures to allow a specific Modbus command and block all others, and it also shows that application control can identify read and write commands separately at message level. Therefore, Modbus write commands are blocked by this profile.

Option B is incorrect because the profile is not simply monitoring all OT protocols; it contains a Block action for Modbus. Option D is incorrect because the study guide links OT protocol visibility specifically to the monitor status, while in the exhibit Modbus_Read.Holding.Registers is set to Allow, not Monitor.

Answer : C

According to the OT Security 7.6 Architect study guide regarding IEC 62443 Security Levels:

Security Level 4 (SL 4) Definition: This level provides 'Protection against intentional violation using sophisticated means with extended resources, specific skills, and high motivation'.

Real-World Application: The study guide specifically notes: 'If you are facing a syndicate of cyber extortionists with extensive resources and capabilities, then you should strive for security level 4'.

Comparison to other levels:

SL 1: Protection against 'casual or unintentional system violation'.

SL 2: Protection against 'intentional violation using simple means with low resources'.

SL 3: Protection against 'intentional violation using sophisticated means with moderate resources'.

Answer : A, C

The correct answers are A and C.

Option C is correct because the profile clearly contains the Operational Technology category and specific OT application signatures such as Modbus and IEC.60870.5.104. The study guide says ''You can use application control signatures to detect OT protocols'' and ''You can filter to a specific OT protocol.'' That means OT application signatures are active in this sensor profile.

Option A is correct because the guide explains that application control works at different levels: ''Detection of protocol (one detection per session)'' and ''Message level (one detection per protocol message).'' It also says you can use application signatures for ''granular message type identification.'' In the exhibit, IEC.60870.5.104.Control.Functions is explicitly configured, which is a granular IEC message/control-level signature rather than only a protocol-level match. That means logging and control can occur at the IEC command level.

Option B is not correct because the profile shows Modbus configured at the parent protocol level as Monitor, while the guide states that the ''parent signature takes precedence over the child signature.'' Since protocol-level detection is one detection per session, that does not mean FortiGate will necessarily log each Modbus command individually.

Option D is incorrect because even though the broader Operational Technology category is set to block, the profile includes specific application and filter overrides for Modbus and IEC 104 behavior. So the resulting effect is not simply that all OT protocols are blocked.