NSE 7 – OT Security 6.4 — Question 21
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 of the Purdue model (process control). The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.
Which statement about the traffic between PLC1 and PLC2 is true?
Answer options
- A. The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.
- B. The Layer 2 switch routes any traffic to the FortiGate device through an Ethernet link.
- C. PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
- D. In order to communicate, PLC1 must be in the same VLAN as PLC2.
Correct answer: C
Explanation
The correct answer is C: traffic from PLC1 and PLC2 must pass through the Layer 2 switch trunk link to reach the FortiGate device. Option A is incorrect because Layer 2 switches do not rewrite VLAN tags; they forward them. Option B is misleading because Layer 2 switches do not route traffic; they switch it. Option D is incorrect because the two PLCs can communicate through the Layer 2 switch even if they are in different VLANs, since their traffic is sent on to the FortiGate device in the Level 2 supervisory control network.