NSE 7 – OT Security 7.2 — Question 19

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.
With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

Answer options

• A. Enable transparent mode on the edge FortiGate device.
• B. Enable security profiles on all interfaces connected in the control area zone.
• C. Set up VPN tunnels between downstream and edge FortiGate devices.
• D. Create a software switch on each downstream FortiGate device.

Correct answer: D

Explanation

Creating a software switch on each downstream FortiGate device is the correct approach for enabling micro-segmentation, as it allows for better control of intra-VLAN traffic. The other options do not address the need for micro-segmentation in this specific context, as they focus on different configurations that do not facilitate the same level of traffic control.