Unlock your Full NSE7_OTS-7.2 Fortinet Stable Exam

Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Question 1

Refer to the exhibit.

Question # 1

An OT administrator ran a report to identify device inventory in an OT network.

Based on the report results, which report was run?

Options:

A FortiSIEM CMDB report

A FortiAnalyzer device report

A FortiSIEM incident report

A FortiSIEM analytics report

Question 2

Refer to the exhibit, which shows a non-protected OT environment.

Question # 2

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

Options:

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

Deploy a FortiGate device within each ICS network.

Configure firewall policies with web filter to protect the different ICS networks.

Configure firewall policies with industrial protocol sensors

Use segmentation

Question 3

Which statement is correct about processing matched rogue devices by FortiNAC?

Options:

FortiNAC cannot revalidate matched devices.

FortiNAC remembers the match ng rule of the rogue device

FortiNAC disables matching rule of previously-profiled rogue devices.

FortiNAC matches the rogue device with only one device profiling rule.

Question 4

How can you achieve remote access and internet availability in an OT network?

Options:

Create a back-end backup network as a redundancy measure.

Implement SD-WAN to manage traffic on each ISP link.

Add additional internal firewalls to access OT devices.

Create more access policies to prevent unauthorized access.

Question 5

What two advantages does FortiNAC provide in the OT network? (Choose two.)

Options:

It can be used for IoT device detection.

It can be used for industrial intrusion detection and prevention.

It can be used for network micro-segmentation.

It can be used for device profiling.

Question 6

An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.

Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

Options:

You must set correct operator in event handler to trigger an event.

You can automate SOC tasks through playbooks.

Each playbook can include multiple triggers.

You cannot use Windows and Linux hosts security events with FortiSoC.

Question 7

An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.

How can the OT network architect achieve this goal?

Options:

Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.

Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.

Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.

Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.

Question 8

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

Options:

Planning a threat hunting strategy

Implementing strategies to automatically bring PLCs offline

Creating disaster recovery plans to switch operations to a backup plant

Evaluating what can go wrong before it happens

Question 9

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.

Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources.

As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

Options:

Configure outbound security policies with limited active authentication users of the third-party company.

Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.

Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.

Implement an additional firewall using an additional upstream link to the internet.

Question 10

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.

Which step must the administrator take to achieve this task?

Options:

Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.

Create a notification policy and define a script/remediation on FortiSIEM.

Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.

Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Question 11

An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.

Which statement about the industrial signature database on FortiGate is true?

Options:

A supervisor must purchase an industrial signature database and import it to the FortiGate.

An administrator must create their own database using custom signatures.

By default, the industrial database is enabled.

A supervisor can enable it through the FortiGate CLI.

Question 12

The OT network analyst runs different level of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these type of exploits of image firmware files?

Options:

CMDB reports

Threat hunting reports

Compliance reports

OT/loT reports

Question 13

Refer to the exhibit.

Question # 13

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

Options:

Set a unique forward domain on each interface on the network.

Set FortiGate to operate in transparent mode.

Set a software switch on FortiGate to handle inter-VLAN traffic.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Question 14

What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

Options:

Enhanced point of connection details

Direct VLAN assignment

Adapter consolidation for multi-adapter hosts

Importation and classification of hosts

Question 15

As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.

Which security sensor must implement to detect these types of industrial exploits?

Options:

Intrusion prevention system (IPS)

Deep packet inspection (DPI)

Antivirus inspection

Application control

Question 16

Refer to the exhibit.

Question # 16

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Options:

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Answer:

Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.
Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.
Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.
The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.
The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.
The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1: NSE 7 Network Security Architect - Fortinet

Question 17

When you create a user or host profile, which three criteria can you use? (Choose three.)

Options:

Host or user group memberships

Administrative group membership

An existing access control policy

Location

Host or user attributes

Question 18

To increase security protection in an OT network, how does application control on ForliGate detect industrial traffic?

Options:

By inspecting software and software-based vulnerabilities

By inspecting applications only on nonprotected traffic

By inspecting applications with more granularity by inspecting subapplication traffic

By inspecting protocols used in the application traffic

Load More NSE7_OTS-7.2 Questions

Black Friday Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo

Activedumpsnet Navigation

Activedumpsnet Slider

Fortinet NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Exam Practice Test

Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Copyright © 2014-2024 Activedumpsnet. All Rights Reserved