An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

1. A. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
2. B. Enable two-factor authentication with FSSO.
3. C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
4. D. Under config user settings configure set auth-on-demand implicit.

Correct Answer: C
The OT supervisor should configure a firewall policy with FSSO users and place it on the top of list of firewall policies in order to achieve the goal of authenticating users against passive authentication first and, if passive authentication is not successful, then challenging them with active authentication.

An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.
How can the OT network architect achieve this goal?

1. A. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.
2. B. Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
3. C. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.
4. D. Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.

Correct Answer: C
This way, FortiSIEM can discover and monitor everything attached to the remote network and provide security visibility to the corporate network

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

1. A. Planning a threat hunting strategy
2. B. Implementing strategies to automatically bring PLCs offline
3. C. Creating disaster recovery plans to switch operations to a backup plant
4. D. Evaluating what can go wrong before it happens

Correct Answer: BC

Refer to the exhibit and analyze the output.

Which statement about the output is true?

1. A. This is a sample of a FortiAnalyzer system interface event log.
2. B. This is a sample of an SNMP temperature control event log.
3. C. This is a sample of a PAM event type.
4. D. This is a sample of FortiGate interface statistics.

Correct Answer: C

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.
Management hires a third-party company to conduct health and safety on site. The third- party company must have outbound access to external resources.
As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

1. A. Configure outbound security policies with limited active authentication users of the third- party company.
2. B. Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.
3. C. Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.
4. D. Implement an additional firewall using an additional upstream link to the internet.

Correct Answer: C