NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Free Practice Exam Questions (2025 Updated)

This way, FortiSIEM can discover and monitor everything attached to the remote network and provide security visibility to the corporate network

B. NIST Cybersecurity Framework (CSF)

Role: Provides a risk-based approach to manage cybersecurity for critical infrastructure (including ICS/SCADA/DCS).

Fortinet Reference:

Fortinet OT Security Solution Guide (v7.2):

"The NIST Cybersecurity Framework is widely adopted in OT environments to align security practices with business objectives, manage risks, and ensure resilience."

Page 12: "Framework adoption (e.g., NIST CSF) helps organizations prioritize OT asset protection."

C. IEC 62443

Role: International standard specifically designed for ICS/OT security, covering technical controls, processes, and risk management.

Fortinet Reference:

*Fortinet NSE 7 - OT Security 7.2 Study Guide*:

"IEC 62443 is the foundational standard for securing industrial automation and control systems (IACS), including SCADA and DCS. It defines security zones, conduits, and security levels (SLT)."

*Module 4: "IEC 62443 provides OT-specific security requirements not covered by IT frameworks."*

Why Other Options Are Incorrect

A. Modbus: A communication protocol (not a framework) used in OT environments. It lacks security features and governance.

FortiGate OT Security Guide:

"Modbus is an unauthenticated, cleartext protocol vulnerable to eavesdropping. It is not a security framework."

D. IEC 104: A telecontrol protocol for SCADA (based on IEC 60870-5-104). It is not a security framework.

FortiSIEM OT Monitoring Handbook:

"IEC 104 is used for data transmission in electrical grids. Like Modbus, it requires external security controls."

Key Documentation Extracts

Fortinet OT Security Solution Guide (v7.2):

*"Industrial environments align with IEC 62443 for OT-specific controls and NIST CSF for risk governance. Protocols like Modbus/IEC 104 require additional hardening."*

NSE 7 OT Security 7.2 Curriculum:

"IEC 62443 addresses OT asset discovery, segmentation, and threat detection. NIST CSF complements it with risk assessment methodologies."

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1: NSE 7 Network Security Architect - Fortinet

A. FortiNAC - FortiNAC is a network access control solution that provides visibility and control over network devices. It can identify devices, enforce access policies, and automate threat response.

D. FortiSIEM - FortiSIEM is a security information and event management solution that can collect and analyze data from multiple sources, including network devices and servers. It can help identify potential security threats, as well as monitor compliance with security policies and regulations.

E. FortiAnalyzer - FortiAnalyzer is a central logging and reporting solution that collects and analyzes data from multiple sources, including FortiNAC and FortiSIEM. It can provide insights into network activity and help identify anomalies or security threats.