[May 20, 2024] Verified NSE7_OTS-7.2 dumps and 52 unique questions [Q29-Q47]



The Fortinet NSE7_OTS-7.2 certification exam covers a wide range of topics, including OT network security, OT network design and architecture, OT protocols and standards, OT risk management, and OT incident response. The exam is designed to test the candidate's ability to apply knowledge of these topics to real-world scenarios and to demonstrate proficiency in securing OT networks.

 

NEW QUESTION # 29
Refer to the exhibits.

Which statement is true about the traffic passing through to PLC-2?

  • A. The application filter overrides the default action of some IEC 104 signatures.
  • B. IEC 104 signatures are all allowed except the C.BO.NA 1 signature.
  • C. SSL Inspection must be set to deep-inspection to correctly apply application control.
  • D. IPS must be enabled to inspect application signatures.

Answer: A


NEW QUESTION # 30
Refer to the exhibit.

An OT administrator ran a report to identify device inventory in an OT network.
Based on the report results, which report was run?

  • A. A FortiSIEM CMDB report
  • B. A FortiAnalyzer device report
  • C. A FortiSIEM analytics report
  • D. A FortiSIEM incident report

Answer: A


NEW QUESTION # 31
When you create a user or host profile, which three criteria can you use? (Choose three.)

  • A. Administrative group membership
  • B. An existing access control policy
  • C. Host or user attributes
  • D. Location
  • E. Host or user group memberships

Answer: C,D,E

Explanation:
https://docs.fortinet.com/document/fortinac/9.2.0/administration-guide/15797/user-host-profiles


NEW QUESTION # 32
As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.
Which security sensor must you implement to detect these types of industrial exploits?

  • A. Antivirus inspection
  • B. Deep packet inspection (DPI)
  • C. Intrusion prevention system (IPS)
  • D. Application control

Answer: B


NEW QUESTION # 33
Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the override filters.
Which change must the OT network administrator make?

  • A. Set all application categories to apply default actions.
  • B. Change the security action of the industrial category to monitor.
  • C. Remove IEC.60870.5.104 Information.Transfer from the first filter override.
  • D. Set the priority of the C.BO.NA.1 signature override to 1.

Answer: D

Explanation:
According to the Fortinet NSE 7 - OT Security 6.4 exam guide [1], the application sensor settings allow you to configure the security action for each application category and network protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

  • Allow: The FortiGate unit allows the traffic without any further inspection.
  • Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.
  • Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.
In the exhibit, the application sensor has the following settings:

  • The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.
  • The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
  • The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.
  • The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.
  • The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.
To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.
[1] NSE 7 Network Security Architect - Fortinet


NEW QUESTION # 34
What triggers Layer 2 polling of infrastructure devices connected in the network?

  • A. A matched security policy
  • B. A failed Layer 3 poll
  • C. A matched profiling rule
  • D. A linkup or linkdown trap

Answer: D


NEW QUESTION # 35
Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is designed to defend against intentional attacks?

  • A. Users with low access to resources
  • B. Users with substantial resources
  • C. Users with access to moderate resources
  • D. Users with unintentional operator error

Answer: D


NEW QUESTION # 36
Refer to the exhibit.

You are navigating through FortiSIEM in an OT network.
How do you view information presented in the exhibit and what does the FortiGate device security status tell you?

  • A. In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
  • B. In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.
  • C. In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.
  • D. In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.

Answer: C


NEW QUESTION # 37
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)

  • A. RADIUS
  • B. SNMP
  • C. TACACS
  • D. API
  • E. ICMP

Answer: A,B,D


NEW QUESTION # 38
What two advantages does FortiNAC provide in the OT network? (Choose two.)

  • A. It can be used for network micro-segmentation.
  • B. It can be used for industrial intrusion detection and prevention.
  • C. It can be used for device profiling.
  • D. It can be used for IoT device detection.

Answer: C,D

Explanation:
Typically, in a microsegmented network, NGFWs are used in conjunction with VLANs to implement security policies and to inspect and filter network communications. Fortinet FortiSwitch and FortiGate NGFW offer an integrated approach to microsegmentation.


NEW QUESTION # 39
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key applications crossing the network. However, the report output is empty even though some related real-time and historical logs are visible in FortiAnalyzer.
What are two possible reasons why the report output was empty? (Choose two.)

  • A. The administrator selected the wrong devices in the Devices section.
  • B. The administrator selected the wrong logs to be indexed in FortiAnalyzer.
  • C. The administrator selected the wrong hcache table for the report.
  • D. The administrator selected the wrong time period for the report.

Answer: A,D

Explanation:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/32cb817d-a307-11eb-b70b-0050569258


NEW QUESTION # 40
Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)?
(Choose three.)

  • A. FortiNAC
  • B. FortiManager
  • C. FortiGate
  • D. FortiAnalyzer
  • E. FortiSIEM

Answer: A,C,E

Explanation:
A: FortiNAC - FortiNAC is a network access control solution that provides visibility and control over network devices. It can identify devices, enforce access policies, and automate threat response.
D: FortiSIEM - FortiSIEM is a security information and event management solution that can collect and analyze data from multiple sources, including network devices and servers. It can help identify potential security threats, as well as monitor compliance with security policies and regulations.
E: FortiAnalyzer - FortiAnalyzer is a central logging and reporting solution that collects and analyzes data from multiple sources, including FortiNAC and FortiSIEM. It can provide insights into network activity and help identify anomalies or security threats.


NEW QUESTION # 41
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?

  • A. Link traps
  • B. RADIUS
  • C. MAC notification traps
  • D. End station traffic monitoring

Answer: B

Explanation:
FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients that authenticate through the RADIUS server.


NEW QUESTION # 42
The OT network analyst runs different levels of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these types of exploits of image firmware files?

  • A. Compliance reports
  • B. Threat hunting reports
  • C. OT/IoT reports
  • D. CMDB reports

Answer: B


NEW QUESTION # 43
An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.
Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

  • A. You must set the correct operator in the event handler to trigger an event.
  • B. You can automate SOC tasks through playbooks.
  • C. Each playbook can include multiple triggers.
  • D. You cannot use Windows and Linux hosts security events with FortiSoC.

Answer: A,B

Explanation:
Ref: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/268882/fortisoc


NEW QUESTION # 44
What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

  • A. Evaluating what can go wrong before it happens
  • B. Planning a threat hunting strategy
  • C. Implementing strategies to automatically bring PLCs offline
  • D. Creating disaster recovery plans to switch operations to a backup plant

Answer: C,D


NEW QUESTION # 45
An OT supervisor has configured LDAP and FSSO for authentication. The goal is that all users be authenticated against passive authentication first and, if passive authentication is not successful, then be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

  • A. Configure a firewall policy with FSSO users and place it at the top of the list of firewall policies.
  • B. Under config user settings configure set auth-on-demand implicit.
  • C. Enable two-factor authentication with FSSO.
  • D. Configure a firewall policy with LDAP users and place it at the top of the list of firewall policies.

Answer: A

Explanation:
The OT supervisor should configure a firewall policy with FSSO users and place it at the top of the list of firewall policies in order to achieve the goal of authenticating users against passive authentication first and, if passive authentication is not successful, then challenging them with active authentication.


NEW QUESTION # 46
Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

  • A. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
  • B. port1-vlan10 and port2-vlan10 are part of the same broadcast domain.
  • C. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
  • D. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains.

Answer: D


NEW QUESTION # 47
......
