NSE7_OTS-7.2 Exam Questions
89 real NSE7_OTS-7.2 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)
- Question #2
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 in the Purdue model- process control. The purpose of the Layer 2 switch is to segment traffic between PLC...
- Question #3
An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the admini...
- Question #4
When you create a user or host profile, which three criteria can you use? (Choose three.)
- Question #5
Refer to the exhibit, which shows a non-protected OT environment. An administrator needs to implement proper protection on the OT network. Which three steps should an administrator...
- Question #6
An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted for credentials during authentication. What is a possi...
- Question #7
Refer to the exhibit. Given the configurations on the FortiGate, which statement is true?
- Question #8
An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network. Which two stat...
- Question #9
You are investigating a series of incidents that occurred in the OT network over past 24 hours in FortiSIEM. Which three FortiSIEM options can you use to investigate these incident...
- Question #10
Refer to the exhibit. Which statement about the interfaces shown in the exhibit is true?
- Question #11
When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?
- Question #12
What two advantages does FortiNAC provide in the OT network? (Choose two.)
- Question #13
What triggers Layer 2 polling of infrastructure devices connected in the network?
- Question #14
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the rep...
- Question #15
An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device. Which statement about the industrial signatu...
- Question #16
Refer to the exhibit. Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)
- Question #17
What can you assign using network access control policies?
- Question #18
As an OT administrator, it is important to understand how industrial protocols work in an OT network. Which communication method is used by the Modbus protocol?
- Question #19
Refer to the exhibit. An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge d...
- Question #20
An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for an...
- Question #21
How can you achieve remote access and internel availability in an OT network?
- Question #22
Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is designed to defend against intentional attacks?
- Question #23
The operational technology (OT) network analyst runs different levels of reports to investigate threats that exploit the network. The analyst can run these reports on all routers,...
- Question #24
To increase security protection in an OT network, how does application control on ForliGate detect industrial traffic?
- Question #25
What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)
- Question #26
What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)
- Question #27
Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)
- Question #28
Refer to the exhibit. From your analysis of the output, which statement about the output is true?
- Question #29
Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)
- Question #30
Refer to the exhibit. In the topology shown in the exhibit, both PLCs can communicate directly with each other without going through the firewall. What can be done to improve the s...
- Question #31
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?
- Question #32
Which three common breach points can you find in a typical ОТ environment? (Choose three.)
- Question #33
Refer to the exhibit. You are navigating through FortiSIEM in an OT network. How do you view information presented in the exhibit and what does the FortiGate device security status...
- Question #34
An OT network administrator is trying to implement active authentication. Which two methods should the administrator use to achieve this? (Choose two.)
- Question #35
Refer to the exhibit. PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-2) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send t...
- Question #36
As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to...
- Question #37
Refer to the exhibit. An operational technology (OT) network security audit concluded that the application sensor does not block the IEC.60870.5.104_Information.Trasfer.C.BO.NA.1 s...
- Question #38
Refer to the exhibits. Which statement is true about the traffic passing through to PLC-2?
- Question #39
Refer to the exhibit. An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents...
- Question #40
Refer to the exhibit. The FGT-Edge device is a VPN gateway that allows remote administrators access to the local ICS network. Management hires a third-party company to conduct heal...
- Question #41
Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS? (Choose two.)
- Question #42
Which two statements about the Modbus protocol are true? (Choose two.)
- Question #43
Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)
- Question #44
Refer to the exhibit. An OT administrator ran a report to identify device inventory in an OT network. Based on the report results, which report was run?
- Question #45
An OT administrator deployed many devices to secure the OT network. However, the SOC team is reporting that there are too many alerts, and that many of the alerts are false positiv...
- Question #46
Refer to the exhibit. You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway. What m...
- Question #47
An ОТ supervisor has configured LDAP and FSSO for authentication. The goal is that all users be authenticated against passive authentication first and. if passive authentication is...
- Question #48
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks. On which device can this be...
- Question #49
Refer to the exhibit. Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)
- Question #50
Which statement is correct about processing matched rogue devices by FortiNAC?