Month End Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Free Practice Exam Questions (2025 Updated)

Prepare effectively for your Fortinet NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Fortinet NSE7_OTS-7.2 Premium Access     Download Demo    
Page: 1 / 1
Total 69 questions

Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS? (Choose two.)

A.

Modbus

B.

NIST Cybersecurity

C.

IEC 62443

D.

IEC104

The OT network analyst runs different level of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these type of exploits of image firmware files?

A.

CMDB reports

B.

Threat hunting reports

C.

Compliance reports

D.

OT/loT reports

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.

With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

A.

Enable transparent mode on the edge FortiGate device.

B.

Enable security profiles on all interfaces connected in the control area zone.

C.

Set up VPN tunnels between downstream and edge FortiGate devices.

D.

Create a software switch on each downstream FortiGate device.

Refer to the exhibit.

Which statement is true about application control inspection?

A.

The industrial application control inspection process is unique among application categories.

B.

Security actions cannot be applied on the lowest level of the hierarchy.

C.

You can control security actions only on the parent-level application signature

D.

The parent signature takes precedence over the child application signature.

Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

A.

FortiGate for SD-WAN

B.

FortiGate for application control and IPS

C.

FortiNAC for network access control

D.

FortiSIEM for security incident and event management

E.

FortiEDR for endpoint detection

Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)

A.

FortiGate receives traffic from configured port mirroring.

B.

Network traffic goes through FortiGate.

C.

FortiGate acts as network sensor.

D.

Network attacks can be detected and blocked.

When you create a user or host profile, which three criteria can you use? (Choose three.)

A.

Host or user group memberships

B.

Administrative group membership

C.

An existing access control policy

D.

Location

E.

Host or user attributes

Refer to the exhibits.

Which statement is true about the traffic passing through to PLC-2?

A.

IPS must be enabled to inspect application signatures.

B.

The application filter overrides the default action of some IEC 104 signatures.

C.

IEC 104 signatures are all allowed except the C.BO.NA 1 signature.

D.

SSL Inspection must be set to deep-inspection to correctly apply application control.

Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.

What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

A.

Set a unique forward domain for each interface of the software switch.

B.

Create a VLAN for each device and replace the current FGT-2 software switch members.

C.

Enable explicit intra-switch policy to require firewall policies on FGT-2.

D.

Implement policy routes on FGT-2 to control traffic between devices.

Refer to the exhibit.

An OT administrator ran a report to identify device inventory in an OT network.

Based on the report results, which report was run?

A.

A FortiSIEM CMDB report

B.

A FortiAnalyzer device report

C.

A FortiSIEM incident report

D.

A FortiSIEM analytics report

Refer to the exhibit.

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.

What must you do to achieve this objective?

A.

You must use a FortiAuthenticator.

B.

You must register the same FortiToken on more than one FortiGate.

C.

You must use the user self-registration server.

D.

You must use a third-party RADIUS OTP server.

You are investigating a series of incidents that occurred in the OT network over past 24 hours in FortiSIEM.

Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)

A.

Security

B.

IPS

C.

List

D.

Risk

E.

Overview

Which three common breach points can be found in a typical OT environment? (Choose three.)

A.

Global hat

B.

Hard hat

C.

VLAN exploits

D.

Black hat

E.

RTU exploits

Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.

Which statement about the topology is true?

A.

PLCs use IEEE802.1Q protocol to communicate each other.

B.

An administrator can create firewall policies in the switch to secure between PLCs.

C.

This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

D.

There is no micro-segmentation in this topology.

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

A.

It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

B.

It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.

C.

It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.

D.

It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?

A.

Each traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

B.

The management VDOM must have access to all global security services.

C.

Each VDOM must have an independent security license.

D.

Traffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

To increase security protection in an OT network, how does application control on ForliGate detect industrial traffic?

A.

By inspecting software and software-based vulnerabilities

B.

By inspecting applications only on nonprotected traffic

C.

By inspecting applications with more granularity by inspecting subapplication traffic

D.

By inspecting protocols used in the application traffic

Refer to the exhibit.

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

A.

Edge

B.

Cloud

C.

Core

D.

Access

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

A.

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

B.

Deploy a FortiGate device within each ICS network.

C.

Configure firewall policies with web filter to protect the different ICS networks.

D.

Configure firewall policies with industrial protocol sensors

E.

Use segmentation

What is the primary objective of implementing SD-WAN in operational technology (OT) networks'?

A.

Reduce security risk and threat attacks

B.

Remove centralized network security policies

C.

Enhance network performance of OT applications

D.

Replace standard links with lower cost connections

Fortinet NSE7_OTS-7.2 Premium Access     Download Demo    
Page: 1 / 1
Total 69 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved