Summer Sale- Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

Activedumpsnet Logo
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_OTS-7.2
  5. NSE7_OTS-7.2 - Fortinet NSE 7 - OT Security 7.2

Fortinet NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Exam Practice Test

Page: 1 / 7
Total 69 questions
Get NSE7_OTS-7.2 Full Access Download NSE7_OTS-7.2 PDF

Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Question 1

When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

Options:

A.

Known trusted devices, each time they change location

B.

All connected devices, each time they connect

C.

Rogue devices, only when they connect for the first time

D.

Rogue devices, each time they connect

Question 2

Refer to the exhibit.

Question # 2

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

Options:

A.

The first condition on the SubPattern filter must use the OR logical operator.

B.

The attributes in the Group By section must match the ones in Fitters section.

C.

The Aggregate attribute COUNT expression is incompatible with the filters.

D.

The SubPattern is missing the filter to match the Modbus protocol.

Question 3

Refer to the exhibit.

Question # 3

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

Options:

A.

Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.

B.

Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.

C.

IT and OT networks are separated by segmentation.

D.

FortiGate-3 and FortiGate-4 devices must be in a transparent mode.

Question 4

Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)

Options:

A.

SNMP

B.

ICMP

C.

API

D.

RADIUS

E.

TACACS

Question 5

Refer to the exhibit.

Question # 5

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Options:

A.

Set all application categories to apply default actions.

B.

Change the security action of the industrial category to monitor.

C.

Set the priority of the C.BO.NA.1 signature override to 1.

D.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Question 6

Which statement is correct about processing matched rogue devices by FortiNAC?

Options:

A.

FortiNAC cannot revalidate matched devices.

B.

FortiNAC remembers the match ng rule of the rogue device

C.

FortiNAC disables matching rule of previously-profiled rogue devices.

D.

FortiNAC matches the rogue device with only one device profiling rule.

Question 7

As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.

Which security sensor must implement to detect these types of industrial exploits?

Options:

A.

Intrusion prevention system (IPS)

B.

Deep packet inspection (DPI)

C.

Antivirus inspection

D.

Application control

Question 8

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.

Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources.

As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

Options:

A.

Configure outbound security policies with limited active authentication users of the third-party company.

B.

Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.

C.

Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.

D.

Implement an additional firewall using an additional upstream link to the internet.

Question 9

Refer to the exhibit.

Question # 9

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

Options:

A.

FortiGate for SD-WAN

B.

FortiGate for application control and IPS

C.

FortiNAC for network access control

D.

FortiSIEM for security incident and event management

E.

FortiEDR for endpoint detection

Question 10

The OT network analyst run different level of reports to quickly explore failures that could put the network at risk. Such reports can be about device performance. Which FortiSIEM reporting method helps to identify device failures?

Options:

A.

Business service reports

B.

Device inventory reports

C.

CMDB operational reports

D.

Active dependent rules reports

Question 11

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

Options:

A.

It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

B.

It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.

C.

It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.

D.

It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

Question 12

Refer to the exhibit.

Question # 12

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Options:

A.

Edge

B.

Cloud

C.

Core

D.

Access

Question 13

As an OT network administrator you are required to generate reports that primarily use the same type of data sent to FortiSlEM These reports are based on the preloaded analytic searches

Which two actions can you take on FortiSlEM to enhance running reports for future use? (Choose two.)

Options:

A.

Automate running these reports upon receiving new logs

B.

Export the preloaded analytics searches to an external syslog server

C.

Create custom reports to process additional analytic searches

D.

Save the analytic searches and turn them into report definitions

Question 14

Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)

Options:

A.

Services defined in the firewall policy.

B.

Source defined as internet services in the firewall policy

C.

Lowest to highest policy ID number

D.

Destination defined as internet services in the firewall policy

E.

Highest to lowest priority defined in the firewall policy

Question 15

When you create a user or host profile, which three criteria can you use? (Choose three.)

Options:

A.

Host or user group memberships

B.

Administrative group membership

C.

An existing access control policy

D.

Location

E.

Host or user attributes

Question 16

An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted from credentials during authentication.

What is a possible reason?

Options:

A.

FortiGate determined the user by passive authentication

B.

The user was determined by Security Fabric

C.

Two-factor authentication is not configured with RADIUS authentication method

D.

FortiNAC determined the user by DHCP fingerprint method

Question 17

The OT network analyst runs different level of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these type of exploits of image firmware files?

Options:

A.

CMDB reports

B.

Threat hunting reports

C.

Compliance reports

D.

OT/loT reports

Question 18

Refer to the exhibit and analyze the output.

Question # 18

Which statement about the output is true?

Options:

A.

This is a sample of a FortiAnalyzer system interface event log.

B.

This is a sample of an SNMP temperature control event log.

C.

This is a sample of a PAM event type.

D.

This is a sample of FortiGate interface statistics.

Question 19

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

Options:

A.

Planning a threat hunting strategy

B.

Implementing strategies to automatically bring PLCs offline

C.

Creating disaster recovery plans to switch operations to a backup plant

D.

Evaluating what can go wrong before it happens

Question 20

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.

What should the OT supervisor do to achieve this on FortiGate?

Options:

A.

Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.

B.

Enable two-factor authentication with FSSO.

C.

Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.

D.

Under config user settings configure set auth-on-demand implicit.

Load More NSE7_OTS-7.2 Questions 
Page: 1 / 7
Total 69 questions
Get NSE7_OTS-7.2 Full Access Download NSE7_OTS-7.2 PDF