Access Control Device Placement Quiz

Questions and Answers

Where can access control be implemented if using a FortiGate device within the zone?

• At the zone, floor, or plant level (correct)
• Only at the floor level
• Only at the zone level
• Only at the plant level

What needs to be placed and secured behind a firewall when using FortiAuthenticator as a remote authentication server?

• FortiGate and FortiAuthenticator
• Only FortiAuthenticator
• FortiAuthenticator and any other authentication servers for O.T (correct)
• Only the authentication servers for O.T

In the Purdue model, where can the authentication servers be implemented under the protection of the Edge-FortiGate?

• FortiAuthenticator (correct)
• FortiGate
• Any authentication server
• Remote authentication server

What can be used for remote users for VPN authentication on the Edge-FortiGate?

Two-factor authentication (C)

What is recommended in most cases regarding the use of a separate authentication server from O.T?

Using a separate authentication server from O.T (C)

What can FortiGate be configured for if using remote authentication within the zone?

Remote authentication and access control (D)

What can be restricted by using FortiGate within the zone, floor, or plant?

Traffic for critical assets (A)

What can be used in the policy to implement access control in the whole O.T network?

FSSO (C)

What can FortiAuthenticator be used as for the entire O.T network if placed under the protection of the Edge-FortiGate?

Remote authentication server (A)

What is recommended when using FortiAuthenticator and any other authentication servers for O.T?

Securing them behind a firewall (C)

What is used for the entire O.T network if using FSSO in the policy to implement access control?

FSSO (C)

What are the authentication methods configured in FortiAuthenticator?

FSSO, RADIUS, two-factor authentication with tokens, and L-DAP tree (B)

What type of authentication is configured on Edge-FortiGate?

VPN with two-factor authentication (A)

What does FortiNAC provide in an O.T environment?

Visibility and control (C)

What does FortiNAC enable in terms of network access?

Granular device identification enables thinly sliced networks (D)

What is the purpose of network micro-segmentation in FortiNAC?

Devices have only the access they require (B)

What is the second part (after visibility) to securing a network environment according to the text?

Controlling network access (D)

What is the purpose of creating granular policies in network access control?

To assign each endpoint exactly the access it needs to perform its job (D)

What is the benefit of knowing and trusting each endpoint in a network environment?

Creating granular policies for access control (C)

What is the role of FortiToken in the network environment?

Shared and used by multiple firewalls, not limited to one firewall or an H-A pair (B)

What type of access is granted to endpoints in the network environment?

Access is granted only to endpoints that are designated as trusted and secure (A)

What can be dynamically adjusted in the network environment according to the text?

Network access based on changes at the device level (D)

What is the function of network access policies in the network environment?

To assign each endpoint exactly the access it needs to perform its job (B)