Fortinet Exam NSE7_OTS-7.2 Topic 1 Question 4 Discussion

Actual exam question for Fortinet's NSE7_OTS-7.2 exam

Question #: 4
Topic #: 1

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.

Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources.

As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

AConfigure outbound security policies with limited active authentication users of the third-party company.

BCreate VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.

CSplit the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.

DImplement an additional firewall using an additional upstream link to the internet.

Show Suggested Answer

Suggested Answer: C

by Chaya at Apr 14, 2024, 02:57 PM

Limited Time Offer

25%

Off

Get Premium NSE7_OTS-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Florinda

11 days ago

I agree, this is a classic security vs. accessibility dilemma. We don't want to open up the network too much, but we also need to let the third-party company do their job. Perhaps a combination of solutions could work best?

upvoted 0 times

...

Margery

11 days ago

Haha, that's a good one! I like the idea of giving them their own little domain to play in, as long as it keeps the ICS networks safe.

upvoted 0 times

...

Selma

12 days ago

Creating VPN tunnels between the downstream FortiGate devices and the edge FortiGate, as in Option B, could be a good way to protect the ICS network traffic. That way, the third-party company can access external resources without directly connecting to the ICS networks.

upvoted 0 times

...

Sarah

13 days ago

Hmm, this is a tricky one. We need to strike a balance between providing access for the third-party company while still maintaining tight security for the ICS networks. Let's weigh the pros and cons of each option.

upvoted 0 times

...

Dallas

13 days ago

You know, if we go with Option C, we could name the third-party VDOM something like 'The Island of Misfit Toys.' Just to keep things lighthearted, you know?

upvoted 0 times

...

Naomi

14 days ago

This question is really testing our understanding of OT network security best practices. We need to find a way to give the third-party company access while still keeping the ICS networks secure.

upvoted 0 times

...