Purdue Model and Fortinet Fabric Security Quiz
24 Questions

Questions and Answers

What devices are typically found at Level 1 of the control area zone in the Purdue model?

  • NGFW and switching
  • PLCs, RTUs, and IEDs (correct)
  • I-IoT devices
  • Authentication servers and workstations

Which security solutions are recommended for achieving visibility of devices at Level 1 of the control area zone?

  • NGFW and switching
  • FortiEDR and virtual patching
  • Two-factor authentication and policy controls
  • FortiGate and FortiNAC (correct)

What is the recommended method for securing the processes and programs at Level 2 of the control area zone?

  • Two-factor authentication and policy controls
  • FortiGate and FortiNAC
  • NGFW and switching
  • Firewall segmentation, application control, and virtual patching (correct)

Which servers and workstations are typically found at Level 3 of the control area zone?

    Authentication servers, engineering workstations, and operator workstations

    What are the base requirements of a solution for Level 3.5 in the Purdue model?

    NGFW and switching

    What is the recommended method for ensuring process availability and security directly on the servers at Level 2?

    Deploying FortiEDR

    Which devices need to be segmented from Level 1 and Level 2 in the control area zone?

    I-IoT devices

    What is essential for the visibility of devices at Level 1 in the control area zone?

    FortiGate, FortiNAC, or both

    What is necessary for Level 3.5 in terms of authentication and policy controls?

    Two-factor authentication and policy controls that include device, user, application, and protocol controls

    What are the typical devices found at Level 3.5 in the Purdue model?

    Servers for the management of operations

    What is the base requirement of a solution for Level 3 in the Purdue model?

    NGFW and switching

    What is necessary for securing the processes and programs at Level 2 in the Purdue model?

    Firewall segmentation, application control, and virtual patching

    What is included in advanced threat protection at Level 4 and Level 5 of the Purdue Model?

    SIEM and SOAR

    What information does FortiGate gather when device detection is enabled?

    MAC address, IP address, operating system, hostname

    What happens when WAN is selected as the interface role for device detection?

    Device detection is not available

    What are the detection methods used in agentless device identification?

    HTTP user agent, TCP fingerprinting, MAC address vendor codes

    When is agentless device identification most effective?

    When FortiGate and the workstations are on directly connected network segments

    What is the role of FortiClient in agent-based device identification?

    FortiClient sends information to FortiGate and tracks the device by its unique FortiClient user ID (UID)

    What does FortiGate use to index devices in agentless device identification?

    MAC address

    What is the primary requirement for effective agentless device identification?

    Direct connectivity to FortiGate

    What does FortiGate use to determine the device identity in agentless device identification?

    First come, first served approach

    What is the purpose of FortiOS-VM detection in agentless device identification?

    To identify virtual machines in the network

    What is the unique identifier used by FortiClient for device tracking?

    FortiClient user ID (UID)

    What is the main limitation of agentless device identification?

    Less effective in segmented network environments

    Study Notes

    Control Area Zone

    • Level 1 typically consists of sensors, actuators, and other industrial control system (ICS) devices.
    • Recommended security solutions for Level 1 include network scanning, protocol analysis, and vulnerability assessments for device visibility.

    Securing Level 2

    • Level 2 consists of control systems, HMIs, and engineers' workstations.
    • Securing processes and programs at Level 2 involves application whitelisting, memory protection, and change control.

    Level 3 and 3.5

    • Level 3 typically includes servers and workstations for supervisory control and data acquisition (SCADA) systems.
    • Basic requirements for Level 3 include network segmentation, authentication, and policy controls.
    • Level 3.5 typically includes Demilitarized Zones (DMZs) and other network periphery devices.
    • Authentication and policy controls are necessary for Level 3.5.

    Securing Level 2 Servers

    • Ensuring process availability and security directly on Level 2 servers involves network segmentation, access control, and anomaly detection.

    Network Segmentation

    • Devices that need to be segmented from Level 1 and Level 2 include workstations, historians, and other systems.

    Device Visibility

    • Network scanning, protocol analysis, and vulnerability assessments are essential for device visibility at Level 1.

    Authentication and Policy Controls

    • Authentication and policy controls are necessary for Level 3.5.

    Advanced Threat Protection

    • Advanced threat protection at Level 4 and Level 5 includes sandboxing, antivirus, intrusion prevention, and vulnerability management.

    FortiGate Device Detection

    • FortiGate gathers IP address, MAC address, DNS name, and other device details when device detection is enabled.
    • WAN selection as the interface role for device detection enables gathering information from WAN interfaces.

    Agentless Device Identification

    • Detection methods used in agentless device identification include IP address, MAC address, DNS name, and OS fingerprinting.
    • Agentless device identification is most effective when devices are connected to the network.
    • FortiGate uses device metadata to index devices in agentless device identification.
    • The primary requirement for effective agentless device identification is network visibility.
    • FortiGate determines device identity based on IP address, MAC address, and OS fingerprinting.
    • FortiOS-VM detection is used to identify virtual machines in agentless device identification.

    Agent-Based Device Identification

    • FortiClient is used for agent-based device identification.
    • The unique identifier used by FortiClient for device tracking is the UUID.
    • The main limitation of agentless device identification is its reliance on network visibility.


    Quiz Team

    Description

    Test your knowledge of the Purdue model and security implementation with the Fortinet Fabric in this quiz. Explore the segmentation and security measures for different levels within the control area zone, including I-IoT devices, PLCs, RTUs, and IEDs. See how visibility of these devices is crucial and how it can be achieved.
