Fortinet NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Exam Practice Test

Demo: 20 questions
Total 69 questions

Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Question 1

As an OT network administrator, you are required to generate reports that primarily use the same type of data sent to FortiSIEM. These reports are based on the preloaded analytic searches.

Which two actions can you take on FortiSIEM to enhance running reports for future use? (Choose two.)

Options:

A. Automate running these reports upon receiving new logs

B. Export the preloaded analytics searches to an external syslog server

C. Create custom reports to process additional analytic searches

D. Save the analytic searches and turn them into report definitions

Question 2

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.

With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

Options:

A. Enable transparent mode on the edge FortiGate device.

B. Enable security profiles on all interfaces connected in the control area zone.

C. Set up VPN tunnels between downstream and edge FortiGate devices.

D. Create a software switch on each downstream FortiGate device.

Question 3

Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

Options:

A. FortiGate for SD-WAN

B. FortiGate for application control and IPS

C. FortiNAC for network access control

D. FortiSIEM for security incident and event management

E. FortiEDR for endpoint detection

Question 4

Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

Options:

A. FortiGate is configured with forward-domains to reduce unnecessary traffic.

B. FortiGate is configured with forward-domains to forward only domain controller traffic.

C. FortiGate is configured with forward-domains to forward only company domain website traffic.

D. FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

Question 5

Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)

Options:

A. SNMP

B. ICMP

C. API

D. RADIUS

E. TACACS

Question 6

Refer to the exhibit.

In order for a FortiGate device to act as a router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

Options:

A. Set a unique forward domain on each interface on the network.

B. Set FortiGate to operate in transparent mode.

C. Set a software switch on FortiGate to handle inter-VLAN traffic.

D. Set a FortiGate interface with the switch to operate as an 802.1Q trunk.

Question 7

What can be assigned using network access control policies?

Options:

A. Layer 3 polling intervals

B. FortiNAC device polling methods

C. Logical networks

D. Profiling rules

Question 8

Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)

Options:

A. FortiGate receives traffic from configured port mirroring.

B. Network traffic goes through FortiGate.

C. FortiGate acts as network sensor.

D. Network attacks can be detected and blocked.

Question 9

Refer to the exhibit and analyze the output.

Which statement about the output is true?

Options:

A. This is a sample of a FortiAnalyzer system interface event log.

B. This is a sample of an SNMP temperature control event log.

C. This is a sample of a PAM event type.

D. This is a sample of FortiGate interface statistics.

Question 10

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

Options:

A. Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

B. Deploy a FortiGate device within each ICS network.

C. Configure firewall policies with web filter to protect the different ICS networks.

D. Configure firewall policies with industrial protocol sensors

E. Use segmentation

Question 11

Which three common breach points can be found in a typical OT environment? (Choose three.)

Options:

A. Global hat

B. Hard hat

C. VLAN exploits

D. Black hat

E. RTU exploits

Question 12

Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)

Options:

A. FortiNAC

B. FortiManager

C. FortiAnalyzer

D. FortiSIEM

E. FortiGate

Question 13

How can you achieve remote access and internet availability in an OT network?

Options:

A. Create a back-end backup network as a redundancy measure.

B. Implement SD-WAN to manage traffic on each ISP link.

C. Add additional internal firewalls to access OT devices.

D. Create more access policies to prevent unauthorized access.

Question 14

Refer to the exhibit.

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Options:

A. Edge

B. Cloud

C. Core

D. Access

Question 15

Refer to the exhibit.

An OT architect has implemented Modbus TCP with a simulation server, Conpot, to identify and control the Modbus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.

Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

Options:

A. The FortiGate-Edge device must be in NAT mode.

B. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.

C. The FortiGate device is in offline IDS mode.

D. Port5 is not a member of the software switch.

Question 16

An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.

Which statement about the industrial signature database on FortiGate is true?

Options:

A. A supervisor must purchase an industrial signature database and import it to the FortiGate.

B. An administrator must create their own database using custom signatures.

C. By default, the industrial database is enabled.

D. A supervisor can enable it through the FortiGate CLI.

Question 17

Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

Options:

A. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.

B. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.

C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.

D. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains.

Question 18

When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

Options:

A. Known trusted devices, each time they change location

B. All connected devices, each time they connect

C. Rogue devices, only when they connect for the first time

D. Rogue devices, each time they connect

Question 19

What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

Options:

A. Enhanced point of connection details

B. Direct VLAN assignment

C. Adapter consolidation for multi-adapter hosts

D. Importation and classification of hosts

Question 20

You are investigating a series of incidents that occurred in the OT network over the past 24 hours in FortiSIEM.

Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)

Options:

A. Security

B. IPS

C. List

D. Risk

E. Overview
