Exam Dumps
Every month, we help more than 1,000 people prepare well for their exams and pass them.

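Fortinet NSE6_OTS_AR-7.6 Exam

Fortinet NSE 6 - OT Security 7.6 Architect Online Practice

Last updated: April 21, 2026

You can use the online practice questions to gauge how well you know the Fortinet NSE6_OTS_AR-7.6 exam material, and then decide whether to register for the exam.

If you want to pass the exam 100% and save 35% of your preparation time, choose the NSE6_OTS_AR-7.6 dumps (latest real exam questions), which currently include the latest 69 exam questions and answers.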


Question No : 1


According to the IEC 62443 standard, your security level is 4.
What is your OT environment defending against? (Choose one answer)

Answer:
Explanation:
According to the OT Security 7.6 Architect study guide regarding IEC 62443 Security Levels:
Security Level 4 (SL 4) Definition: This level provides "Protection against intentional violation using sophisticated means with extended resources, specific skills, and high motivation".
Real-World Application: The study guide specifically notes: "If you are facing a syndicate of cyber extortionists with extensive resources and capabilities, then you should strive for security level 4".
Comparison to other levels:
SL 1: Protection against "casual or unintentional system violation".
SL 2: Protection against "intentional violation using simple means with low resources".
SL 3: Protection against "intentional violation using sophisticated means with moderate resources".

Question No : 2


Refer to the exhibit.



Which statement about this partial Asset Identity List page is correct? (Choose one answer)

Answer:
Explanation:
Based on the OT Security 7.6 Architect study guide regarding the Asset Identity Center and Asset Management:
Vulnerability Visibility: The Asset Identity List tab displays key metadata for IT and OT devices, including detected addresses, users, and a specific column for Vulnerabilities.
Virtual Patching Feature: In the OT Security 7.6 architecture, the "Vulnerabilities" column is populated through the OT Security Service license, which includes "OT vulnerability correlation definitions & virtual patching signatures".
Correlation Mechanism: FortiGate extracts metadata from OT traffic and uses these signatures to identify known vulnerabilities on the assets. For these vulnerabilities to be identified and correlated in the Asset Identity Center as shown in the exhibit (displaying a count of 8 vulnerabilities), the Virtual Patching feature must be active.
Architectural Implementation: Virtual patching is a critical component of the "Protection" layer in OT networks, allowing administrators to secure legacy or unpatchable PLCs and RTUs by blocking exploit attempts at the network level using IPS-based virtual patching signatures.
Exhibit Analysis: The presence of identified vulnerabilities (the number "8" in the red shield) in the Asset Identity List confirms that the FortiGate is actively performing vulnerability correlation, which is the operational result of having a Virtual Patching security profile applied to the relevant firewall policy.

Question No : 3


During layer 2 polling, which two pieces of information are gathered by FortiNAC to identify a device? (Choose two answers)

Answer:
Explanation:
According to the OT Security 7.6 Architect study guide section on Asset Management, specifically regarding FortiNAC Visibility:
Layer 2 Polling Data: Because each physical address is unique, FortiNAC identifies hosts as they connect to the network. The information gathered during this process fills in the physical address and location information in the database.
Visibility Components: The guide states that the physical address learned, the time it was learned, and where it was learned from provide the foundation of endpoint visibility in the form of "what, where, and when" information. This confirms that Where it was learned (Option A) and The time it was learned (Option D) are correct.
Exclusions:
Layer 3 Polling: The MAC-to-IP correlation (Option B) is explicitly defined as a function of Layer 3 polling, where the correlated IP address is added to the database record for the corresponding MAC address.
DHCP Fingerprinting: The host name or system name (Option C) and the operating system are gathered via DHCP fingerprinting, not layer 2 polling.

Question No : 4


Refer to the exhibit.



A partial OT network is shown. You want to provide the supervisor with secure remote access.
Which two features can you implement on Edge-FortiGate? (Choose two answers)

Answer:
Explanation:
Based on the exhibit and the OT Security 7.6 Architect standards for Secure Remote Access:
Secure Tunneling (Statement A): The exhibit shows a Remote PC connecting through a VPN Cloud to the Edge-FortiGate. In the Fortinet architecture, IPsec VPN is the primary method for establishing a secure, encrypted tunnel for remote administrators or supervisors to access the internal OT segments (Level 2/3) from an external location.
Multi-Factor Authentication (Statement B): Secure remote access in OT environments (aligned with IEC 62443 standards) requires strong authentication. The study guide emphasizes the use of FortiToken to provide Two-Factor Authentication (2FA) for VPN users, ensuring that compromised credentials alone are not enough to gain access to critical infrastructure.
FSSO (Statement D): Fortinet Single Sign-On is generally used for identifying internal users already on the network to apply identity-based policies; it is not the primary mechanism for establishing the remote connection itself.
SD-WAN (Statement C): While SD-WAN can manage the path of the VPN traffic, it is a WAN optimization and reliability feature, not a "secure remote access" feature for a supervisor in the context of authentication and encryption.

Question No : 5


You want to automate some tasks in your OT network.
Which three configurations are directly available in a new basic event handler on FortiAnalyzer? (Choose three answers)

Answer:
Explanation:
According to the OT Security 7.6 Architect study guide regarding FortiAnalyzer Event Management:
Notification Options: When configuring a new event handler, FortiAnalyzer provides several built-in notification methods to alert administrators when specific log criteria are met. The most common and direct method is Send alert email (Option A).
Incident Management: To streamline the SOC workflow, an event handler can be configured to Automatically create an incident (Option D) based on the triggered event. This moves the event into the Incident Manager for further analysis.
Security Fabric Integration: In the 7.6 architecture, event handlers can directly trigger an Automation stitch (Option E). This allows the FortiAnalyzer to notify the root FortiGate to take action (like running a CLI script or changing a policy) across the Security Fabric.
Exclusions: Create a report (Option B) is typically a task performed by a Playbook or a scheduled report job, not a direct setting inside the basic event handler configuration. Quarantine an attacker (Option C) is an action that results from an automation stitch or playbook, but it is not a direct configuration toggle within the event handler itself.

Question No : 6


Refer to the exhibits.






A partial Incident Analysis page and the log details related to the event are shown. An attack is reported on your OT network. You analyze the corresponding incident.
Based on the information provided on the Incident Analysis page and the log details, which two statements are correct? (Choose two answers)

Answer:
Explanation:
Based on the technical data provided in the exhibits and the OT Security 7.6 Architect curriculum:
Industrial Protocol Identification (Statement A): The log details exhibit clearly shows that the Destination Port used in the attack is 502. According to the study guide's section on Industrial Protocol Protection, the standard port used by the Modbus TCP protocol is 502. Furthermore, the attack name identifies "Triangle.Research.Nano-10.PLC", industrial controllers that commonly use Modbus for communications.
Attack Mitigation (Statement B): The log details specify that the Action taken by the FortiGate (Edge-FortiGate) was dropped. In cybersecurity and Fortinet fabric operations, dropping a packet associated with an IPS signature means the traffic was blocked from reaching its target, thereby mitigating the attack.
Target IP Address (Statement E): The log detail explicitly lists the Destination IP as 192.168.2.3. The Incident Analysis page also titles the incident with dstip:192.168.2.3. While the "Affected Endpoint" is shown as 10.1.5.20, in an "outgoing" attack direction (as shown in the log), this likely refers to the internal source/attacker IP, whereas the target is the destination IP (192.168.2.3). Thus, Statement E is incorrect.
Protocol Conflict (Statement C): The IEC 104 protocol typically utilizes port 2404. Since the log specifies port 502, Statement C is incorrect.
Severity Distinction (Statement D): While the Incident severity is marked as High, the question specifically asks about event severity. The "Events" table at the bottom of the Incident Analysis page shows a "User login/logout failed" event with a medium severity. Because there is a distinction in the management console between the severity of individual events and the aggregated incident, and Statement A and B are technically definitive based on port and action, A and B are the correct architectural choices.

Question No : 7


Refer to the exhibits.



A partial view of the Playbook Monitor page and the corresponding playbook configuration are shown.
Based on the monitor page and the configuration of the playbook, what has triggered the Run_Report task? (Choose one answer)

Answer:
Explanation:
Based on the provided exhibits from the FortiAnalyzer playbook engine:
Playbook Trigger Condition: The Partial Playbook configuration exhibit shows that the playbook is set to trigger based on a condition where the Basic Handler Name is Equal To IPS_Attack_Handling.
Event vs. Log: In FortiAnalyzer, the field Basic Handler Name is a property of an Event record, indicating the specific Event Handler that generated it. A playbook configured with this condition is triggered by an Event, not directly by a raw log.
Playbook Execution Flow: The Partial Playbook Monitor view shows the execution sequence:
Event_Trigger (Starter): This is the entry point of the playbook, which matches the condition defined in the configuration.
IPS_Attack_Incident: The first task executed after the trigger.
Run_Report: The task in question, which is executed as part of the automated workflow initiated by the starter.
Conclusion: Since the playbook's "Starter" is defined by the IPS_Attack_Handling handler name, an event produced by that handler is the root trigger for the entire playbook execution, including the Run_Report task.
Therefore, the Run_Report task was triggered (as part of the playbook) by an IPS_Attack_Handling event.

Question No : 8


For the installation of your first FortiGate device, you want to minimize the impact in your OT network. Therefore, you deploy it initially as an offline IDS.
Which two statements about this deployment are correct? (Choose two answers)

Answer:
Explanation:
Deploying a FortiGate in offline IDS (also known as one-arm sniffer mode) is a common strategy in OT environments for several reasons found in the study guide:
Priority of Availability: In OT, availability and safety are critically important and prioritized higher than in IT. An offline IDS minimizes impact because it does not sit in the direct path of production traffic.
Network Sensor Role: In this mode, the FortiGate is connected to a mirror/SPAN port on a switch. It acts as a network sensor, receiving a copy of the traffic rather than having the traffic flow through it. This confirms Statement A is correct and Statement D is incorrect.
Passive vs. Active: The guide explicitly states that in OT environments, passive methods are preferred over active methods to avoid negatively impacting performance or causing process interruptions.
Depth of Visibility: Even though the device is offline, you apply security profiles (such as IPS, Application Control, and Antivirus) to the sniffer interface. This allows the FortiGate to analyze the copied traffic and provide deep visibility into the OT assets and their behaviors. This confirms Statement B is correct.
Detection vs. Prevention: An IDS (Intrusion Detection System) is passive; it can detect threats but cannot reset connections or drop packets to block attacks. Therefore, it cannot block zero-day attacks, making Statement C incorrect.

Question No : 9


You want FortiAnalyzer to trigger an automation stitch on a FortiGate device automatically.
What must you configure on FortiAnalyzer to enable direct communication with FortiGate? (Choose one answer)

Answer:
Explanation:
The verified answer is C. The Fabric settings. The study guide ties FortiAnalyzer-triggered actions to the Security Fabric relationship with FortiGate, not to playbook tasks or standalone event handlers alone. It explains that “within the Security Fabric environment, FortiAnalyzer is a key element in the creation of automation stitches” and shows the flow where a downstream FortiGate sends logs to FortiAnalyzer, then FortiAnalyzer parses the logs and notifies the root FortiGate, after which the root FortiGate triggers the action. This shows that FortiAnalyzer must be configured so it can communicate with FortiGate through the Security Fabric.
The guide also states that FortiAnalyzer is the foundation of the Security Fabric, providing logging, reporting, analytics, and automation for Fabric devices and endpoints. It further explains that the FortiAnalyzer Fabric connector consolidates the traffic logs within the Security Fabric. This confirms that the automation workflow depends on proper Security Fabric integration. A playbook task is used for automated SOC actions, and an event handler is used to generate events from logs, but neither one alone establishes the direct communication path needed between FortiAnalyzer and FortiGate. Therefore, the required configuration on FortiAnalyzer is the Fabric settings.

Question No : 10


Refer to the exhibit.



The Core Network Security Connectors page of the FortiGate-2 device is shown.
Which statement is correct? (Choose one answer)

Answer:
Explanation:
Based on the provided exhibit and the OT Security 7.6 Architect curriculum regarding the Fortinet Security Fabric:
Fabric Role: The exhibit clearly shows that FortiGate-2 has the role set to Join Fabric. This confirms it is a downstream device and not the Fabric Root (eliminating Option A).
Upstream Connection: The device is configured to point to an Upstream FortiGate at IP address 10.1.2.254.
Fabric Status: The status is currently displayed as Not Connected. In a standard Fortinet Security Fabric deployment, once a downstream device is configured to join the fabric, it sends a request to the upstream root device. The root FortiGate must then explicitly authorize the downstream unit before the connection is established and the status changes to "Connected."
Authorization Requirement: The "Not Connected" status, while having the upstream IP correctly configured, is the classic indicator that the authorization step is pending on the root FortiGate. Furthermore, under the LAN Edge Devices section, it shows another downstream FortiGate requiring authorization on this specific unit, highlighting that authorization is a manual security requirement for all stages of the Fabric hierarchy.
FortiAnalyzer Status: While the Logging & Analytics section shows FortiAnalyzer is Disabled, this is a configuration choice and does not prevent the Security Fabric from connecting; therefore, configuring it is not the solution to the connectivity status shown (eliminating Option C).
In summary, FortiGate-2 cannot join the fabric until an administrator logs into the Root FortiGate (10.1.2.254) and authorizes the join request from FortiGate-2.

Question No : 11


Refer to the exhibit.



Which statement about the interfaces shown in the exhibit is true?

Answer:

Question No : 12


You are investigating a series of incidents that occurred in the OT network over the past 24 hours in FortiSIEM.
Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)

Answer:

Question No : 13


An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.
Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

Answer:
Explanation:
Ref: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/268882/fortisoc

Question No : 14


Refer to the exhibit.



Given the configurations on the FortiGate, which statement is true?

Answer:

Question No : 15


An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted for credentials during authentication.
What is a possible reason?

Answer:
