Offering Free access to Fortinet Certification NSE7

Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Testing Engine

Product Type: Testing Engine

$37.5 ~~$124.99~~

Add to Cart

PDF + Testing Engine

Product Type: PDF + Testing Engine

$52.5 ~~$174.99~~

Add to Cart

PDF Study Guide

Product Type: PDF Study Guide

$33 ~~$109.99~~

Add to Cart

Question 1

Refer to the exhibit.

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.

What must you do to achieve this objective?

Options:

You must use a FortiAuthenticator.

You must register the same FortiToken on more than one FortiGate.

You must use the user self-registration server.

You must use a third-party RADIUS OTP server.

Question 2

Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

Options:

FortiGate for SD-WAN

FortiGate for application control and IPS

FortiNAC for network access control

FortiSIEM for security incident and event management

FortiEDR for endpoint detection

Question 3

Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.

Which statement about the topology is true?

Options:

PLCs use IEEE802.1Q protocol to communicate each other.

An administrator can create firewall policies in the switch to secure between PLCs.

This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

There is no micro-segmentation in this topology.

Question 4

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.

Which step must the administrator take to achieve this task?

Options:

Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.

Create a notification policy and define a script/remediation on FortiSIEM.

Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.

Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Question 5

Refer to the exhibit.

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Options:

Edge

Cloud

Core

Access

Question 6

An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.

How can the OT network architect achieve this goal?

Options:

Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.

Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.

Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.

Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.

Question 7

An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.

What statement about the traffic between PLC1 and PLC2 is true?

Options:

The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.

The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.

PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.

In order to communicate, PLC1 must be in the same VLAN as PLC2.

Question 8

Which statement about the IEC 104 protocol is true?

Options:

IEC 104 is used for telecontrol SCADA in electrical engineering applications.

IEC 104 is IEC 101 compliant in old SCADA systems.

IEC 104 protects data transmission between OT devices and services.

IEC 104 uses non-TCP/IP standards.

Question 9

Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)

Options:

Services defined in the firewall policy.

Source defined as internet services in the firewall policy

Lowest to highest policy ID number

Destination defined as internet services in the firewall policy

Highest to lowest priority defined in the firewall policy

Question 10

Refer to the exhibit.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

Options:

Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.

Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.

IT and OT networks are separated by segmentation.

FortiGate-3 and FortiGate-4 devices must be in a transparent mode.

Question 11

The OT network analyst run different level of reports to quickly explore failures that could put the network at risk. Such reports can be about device performance. Which FortiSIEM reporting method helps to identify device failures?

Options:

Business service reports

Device inventory reports

CMDB operational reports

Active dependent rules reports

Question 12

Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

Options:

FortiGate is configured with forward-domains to reduce unnecessary traffic.

FortiGate is configured with forward-domains to forward only domain controller traffic.

FortiGate is configured with forward-domains to forward only company domain website traffic.

FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

Question 13

Refer to the exhibit.

You are creating a new operational technology (OT) rule to monitor Modbus protocol traffic on FortiSIEM

Which action must you take to ensure that all Modbus messages on the network match the rule?

Options:

Add a new condition to filter Modbus traffic based on the source TCP/UDP port

The condition on the SubPattern filter must use the AND logical operator

the Aggregate section, set the attribute value to equal to or greater than 0

In the Group By section remove all attributes that are not configured in the Filter section

Question 14

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

Options:

Planning a threat hunting strategy

Implementing strategies to automatically bring PLCs offline

Creating disaster recovery plans to switch operations to a backup plant

Evaluating what can go wrong before it happens

Question 15

With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?

Options:

Each traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

The management VDOM must have access to all global security services.

Each VDOM must have an independent security license.

Traffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

Question 16

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

Options:

It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.

It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.

It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

Question 17

What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

Options:

Enhanced point of connection details

Direct VLAN assignment

Adapter consolidation for multi-adapter hosts

Importation and classification of hosts

Question 18

Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS? (Choose two.)

Options:

Modbus

NIST Cybersecurity

IEC 62443

IEC104

Answer:

B, C

Explanation:

B. NIST Cybersecurity Framework (CSF)

Role: Provides a risk-based approach to manage cybersecurity for critical infrastructure (including ICS/SCADA/DCS).

Fortinet Reference:

Fortinet OT Security Solution Guide (v7.2):

"The NIST Cybersecurity Framework is widely adopted in OT environments to align security practices with business objectives, manage risks, and ensure resilience."

Page 12: "Framework adoption (e.g., NIST CSF) helps organizations prioritize OT asset protection."

C. IEC 62443

Role: International standard specifically designed for ICS/OT security, covering technical controls, processes, and risk management.

Fortinet Reference:

*Fortinet NSE 7 - OT Security 7.2 Study Guide*:

"IEC 62443 is the foundational standard for securing industrial automation and control systems (IACS), including SCADA and DCS. It defines security zones, conduits, and security levels (SLT)."

*Module 4: "IEC 62443 provides OT-specific security requirements not covered by IT frameworks."*

Why Other Options Are Incorrect

A. Modbus: A communication protocol (not a framework) used in OT environments. It lacks security features and governance.

FortiGate OT Security Guide:

"Modbus is an unauthenticated, cleartext protocol vulnerable to eavesdropping. It is not a security framework."

D. IEC 104: A telecontrol protocol for SCADA (based on IEC 60870-5-104). It is not a security framework.

FortiSIEM OT Monitoring Handbook:

"IEC 104 is used for data transmission in electrical grids. Like Modbus, it requires external security controls."

Key Documentation Extracts

Fortinet OT Security Solution Guide (v7.2):

*"Industrial environments align with IEC 62443 for OT-specific controls and NIST CSF for risk governance. Protocols like Modbus/IEC 104 require additional hardening."*

NSE 7 OT Security 7.2 Curriculum:

"IEC 62443 addresses OT asset discovery, segmentation, and threat detection. NIST CSF complements it with risk assessment methodologies."

Question 19

Refer to the exhibit.

The IPS profile is added on all of the security policies on FortiGate.

For an OT network, which statement of the IPS profile is true?

Options:

FortiGate has no IPS industrial signature database enabled.

The listed IPS signatures are classified as SCADA equipment.

All IPS signatures are overridden and must block traffic match signature patterns.

The IPS profile inspects only traffic originating from SCADA equipment.

Question 20

As an OT network administrator you are required to generate reports that primarily use the same type of data sent to FortiSlEM These reports are based on the preloaded analytic searches

Which two actions can you take on FortiSlEM to enhance running reports for future use? (Choose two.)

Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Fortinet NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Exam Practice Test

Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Testing Engine

PDF + Testing Engine

PDF Study Guide

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer: