A partial Application Sensor profile is shown. When you apply this profile in a firewall policy, which two statements are correct? (Choose two answers)
Option C is correct because the profile clearly contains the Operational Technology category and specific OT application signatures such as Modbus and IEC.60870.5.104 . The study guide says “You can use application control signatures to detect OT protocols” and “You can filter to a specific OT protocol.” That means OT application signatures are active in this sensor profile.
Option A is correct because the guide explains that application control works at different levels: “Detection of protocol (one detection per session)” and “Message level (one detection per protocol message).” It also says you can use application signatures for “granular message type identification.” In the exhibit, IEC.60870.5.104.Control.Functions is explicitly configured, which is a granular IEC message/control-level signature rather than only a protocol-level match. That means logging and control can occur at the IEC command level.
Option B is not correct because the profile shows Modbus configured at the parent protocol level as Monitor , while the guide states that the “parent signature takes precedence over the child signature.” Since protocol-level detection is one detection per session , that does not mean FortiGate will necessarily log each Modbus command individually.
Option D is incorrect because even though the broader Operational Technology category is set to block, the profile includes specific application and filter overrides for Modbus and IEC 104 behavior. So the resulting effect is not simply that all OT protocols are blocked .
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit