DNP3 Granular Application Control Quiz

Play an AI-generated podcast conversation about this lesson

What does the application DNP3_Cold.Restart indicate?

Sending a warm restart command to a DNP3 device by an unauthorized DNP3 client

Sending a power-up command to a DNP3 device by an authorized DNP3 client

Sending a device restart command to a DNP3 device by an unauthorized DNP3 client

Sending a cold restart command to a DNP3 device by an authorized DNP3 client (correct)

What can continuously sending the DNP3_Cold.Restart command cause?

Improved device security

Device enhancement

Denial of service (DoS) condition (correct)

Increased network efficiency

How are application control signatures organized?

In a hierarchical structure (correct)

In a circular structure

In a linear structure

In a random structure

What does FortiOS provide administrators in terms of inspecting sub-application traffic?

All the tools they need (B) Signup and view all the answers

What can be done using FortiGate in terms of industrial protocols like Modbus?

Support a variety of industrial protocols along with their subcategories (A) Signup and view all the answers

In the example provided, what is the primary device in the Modbus TCP implementation?

Modbus Client (A) Signup and view all the answers

What is the IP address of the primary device in the Modbus TCP implementation?

10.10.3 (B) Signup and view all the answers

What does the application DNP3_Read indicate?

Detection of the DNP3 read command (C) Signup and view all the answers

What does the application DNP3_Write indicate?

Detection of the DNP3 write command (C) Signup and view all the answers

What does the parent signature do in the hierarchical structure of application control signatures?

Takes precedence over the child signature (A) Signup and view all the answers

What can administrators do using FortiOS in terms of DNP3_Write and DNP3_Read?

Block DNP3_Write while allowing devices to collaborate using DNP3_Read (C) Signup and view all the answers

What is the IP-address of the switch interface named ssw-01?

10.10.4.1 (A) Signup and view all the answers

Where is the Conpot server connected to FortiGate?

Port5 (D) Signup and view all the answers

What protocol is the Conpot server on PLC1 simulating?

Modbus (A) Signup and view all the answers

What type of traffic will be allowed and identified by the default application control profile on the firewall policy?

Modbus traffic (B) Signup and view all the answers

What does the application name for the traffic sent from the Modbus client primary to the Conpot server indicate?

Detection of the Modbus_Diagnostics command (B) Signup and view all the answers

What are the most common breach points in an O.T environment?

All of the above (D) Signup and view all the answers

What type of exploit can compromise RTU or HMI in an O.T environment?

DoS attack (A) Signup and view all the answers

What type of attack can the SCADA system be vulnerable to in an O.T environment?

DoS and malicious control (A) Signup and view all the answers

What does the term 'Air gap breached' refer to in an O.T environment?

Physical connection between secure and insecure networks (D) Signup and view all the answers

What does the term 'Droppers USB' refer to in the context of breach points in an O.T environment?

USB devices used for introducing malware (A) Signup and view all the answers

What is the purpose of the firewall policy configured to allow and log all traffic from port3 to the ssw-01 interface of FortiGate for all services?

To monitor and control traffic flow (D) Signup and view all the answers