Black Friday Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Examstrust Logo
examstrust mcafee
  1. Home
  2. Fortinet
  3. Fortinet Certification
  4. NSE7_OTS-7.2 - Fortinet NSE 7 - OT Security 7.2

Fortinet NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Exam Practice Test

Page: 1 / 6
Total 62 questions
Get NSE7_OTS-7.2 Full Access Download NSE7_OTS-7.2 PDF

Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$52.5  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Add to Cart
Question 1

Which three common breach points can be found in a typical OT environment? (Choose three.)

Options:

A.

Global hat

B.

Hard hat

C.

VLAN exploits

D.

Black hat

E.

RTU exploits

Question 2

When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

Options:

A.

Known trusted devices, each time they change location

B.

All connected devices, each time they connect

C.

Rogue devices, only when they connect for the first time

D.

Rogue devices, each time they connect

Question 3

Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)

Options:

A.

Services defined in the firewall policy.

B.

Source defined as internet services in the firewall policy

C.

Lowest to highest policy ID number

D.

Destination defined as internet services in the firewall policy

E.

Highest to lowest priority defined in the firewall policy

Question 4

Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other.

Which two statements about the traffic between PCL-1 and PLC-2 are true? (Choose two.)

Options:

A.

The switch on FGT-2 must be hardware to implement micro-segmentation.

B.

Micro-segmentation on FGT-2 prevents direct device-to-device communication.

C.

Traffic must be inspected by FGT-EDGE in OT networks.

D.

FGT-2 controls intra-VLAN traffic through firewall policies.

Question 5

Refer to the exhibits.

Which statement is true about the traffic passing through to PLC-2?

Options:

A.

IPS must be enabled to inspect application signatures.

B.

The application filter overrides the default action of some IEC 104 signatures.

C.

IEC 104 signatures are all allowed except the C.BO.NA 1 signature.

D.

SSL Inspection must be set to deep-inspection to correctly apply application control.

Question 6

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

Options:

A.

It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

B.

It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.

C.

It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.

D.

It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

Question 7

An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.

Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

Options:

A.

You must set correct operator in event handler to trigger an event.

B.

You can automate SOC tasks through playbooks.

C.

Each playbook can include multiple triggers.

D.

You cannot use Windows and Linux hosts security events with FortiSoC.

Question 8

Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

Options:

A.

port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.

B.

The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.

C.

port1-vlan10 and port2-vlan10 are part of the same broadcast domain

D.

port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Question 9

Refer to the exhibit.

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

Options:

A.

Set a unique forward domain on each interface on the network.

B.

Set FortiGate to operate in transparent mode.

C.

Set a software switch on FortiGate to handle inter-VLAN traffic.

D.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Question 10

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

Options:

A.

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

B.

Deploy a FortiGate device within each ICS network.

C.

Configure firewall policies with web filter to protect the different ICS networks.

D.

Configure firewall policies with industrial protocol sensors

E.

Use segmentation

Question 11

What can be assigned using network access control policies?

Options:

A.

Layer 3 polling intervals

B.

FortiNAC device polling methods

C.

Logical networks

D.

Profiling rules

Question 12

How can you achieve remote access and internet availability in an OT network?

Options:

A.

Create a back-end backup network as a redundancy measure.

B.

Implement SD-WAN to manage traffic on each ISP link.

C.

Add additional internal firewalls to access OT devices.

D.

Create more access policies to prevent unauthorized access.

Question 13

Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)

Options:

A.

FortiGate receives traffic from configured port mirroring.

B.

Network traffic goes through FortiGate.

C.

FortiGate acts as network sensor.

D.

Network attacks can be detected and blocked.

Question 14

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.

Which step must the administrator take to achieve this task?

Options:

A.

Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.

B.

Create a notification policy and define a script/remediation on FortiSIEM.

C.

Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.

D.

Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Question 15

Refer to the exhibit.

The IPS profile is added on all of the security policies on FortiGate.

For an OT network, which statement of the IPS profile is true?

Options:

A.

FortiGate has no IPS industrial signature database enabled.

B.

The listed IPS signatures are classified as SCADAapphcat nns

C.

All IPS signatures are overridden and must block traffic match signature patterns.

D.

The IPS profile inspects only traffic originating from SCADA equipment.

Question 16

What triggers Layer 2 polling of infrastructure devices connected in the network?

Options:

A.

A failed Layer 3 poll

B.

A matched security policy

C.

A matched profiling rule

D.

A linkup or linkdown trap

Question 17

Refer to the exhibits.

Which statement about some of the generated report elements from FortiAnalyzer is true?

Options:

A.

The report confirms Modbus and IEC 104 are the key applications crossing the network.

B.

FortiGate collects the logs and generates the report to FortiAnalyzer.

C.

The file types confirm the infected applications on the PLCs.

D.

This report is predefined and is not available for customization.

Question 18

Which statement is correct about processing matched rogue devices by FortiNAC?

Options:

A.

FortiNAC cannot revalidate matched devices.

B.

FortiNAC remembers the match ng rule of the rogue device

C.

FortiNAC disables matching rule of previously-profiled rogue devices.

D.

FortiNAC matches the rogue device with only one device profiling rule.

Load More NSE7_OTS-7.2 Questions
Page: 1 / 6
Total 62 questions
Get NSE7_OTS-7.2 Full Access Download NSE7_OTS-7.2 PDF