ExamGecko
Search Search Login
Home Home / Fortinet / NSE7_OTS-7.2

Fortinet NSE7_OTS-7.2 Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site. Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources. As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?
Refer to the exhibit. You are assigned to implement a remote authentication server in the OT network. Which part of the hierarchy should the authentication server be part of?
To increase security protection in an OT network, how does application control on ForliGate detect industrial traffic?
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network. What statement about the traffic between PLC1 and PLC2 is true?
As an OT administrator, it is important to understand how industrial protocols work in an OT network. Which communication method is used by the Modbus protocol?
An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM. Which step must the administrator take to achieve this task?
With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?
Which three common breach points can be found in a typical OT environment? (Choose three.)
As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs. Which security sensor must implement to detect these types of industrial exploits?
Refer to the exhibit. An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01. Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

Question 1

Report
Export
Collapse

What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

A.
Enhanced point of connection details
A.
Enhanced point of connection details
Answers
B.
Direct VLAN assignment
B.
Direct VLAN assignment
Answers
C.
Adapter consolidation for multi-adapter hosts
C.
Adapter consolidation for multi-adapter hosts
Answers
D.
Importation and classification of hosts
D.
Importation and classification of hosts
Answers
Suggested answer: C, D

Explanation:

The two benefits of a Nozomi integration with FortiNAC are enhanced point of connection details and importation and classification of hosts. Enhanced point of connection details allows for the identification and separation of traffic from multiple points of connection, such as Wi-Fi, wired, cellular, and VPN. Importation and classification of hosts allows for the automated importing and classification of host and device information into FortiNAC. This allows for better visibility and control of the network.

Question 2

Report
Export
Collapse

Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)

A.
Services defined in the firewall policy.
A.
Services defined in the firewall policy.
Answers
B.
Source defined as internet services in the firewall policy
B.
Source defined as internet services in the firewall policy
Answers
C.
Lowest to highest policy ID number
C.
Lowest to highest policy ID number
Answers
D.
Destination defined as internet services in the firewall policy
D.
Destination defined as internet services in the firewall policy
Answers
E.
Highest to lowest priority defined in the firewall policy
E.
Highest to lowest priority defined in the firewall policy
Answers
Suggested answer: A, D, E

Explanation:

The three criteria that a FortiGate device can use to look for a matching firewall policy to process traffic are:

A) Services defined in the firewall policy - FortiGate devices can match firewall policies based on the services defined in the policy, such as HTTP, FTP, or DNS.

D) Destination defined as internet services in the firewall policy - FortiGate devices can also match firewall policies based on the destination of the traffic, including destination IP address, interface, or internet services.

E) Highest to lowest priority defined in the firewall policy - FortiGate devices can prioritize firewall policies based on the priority defined in the policy. The device will process traffic against the policy with the highest priority first and move down the list until it finds a matching policy.

Fortinet NSE 7 - Enterprise Firewall 6.4 Study Guide, Chapter 4: Policy Implementation, page 4-18.

Question 3

Report
Export
Collapse

Refer to the exhibit and analyze the output.

Which statement about the output is true?

A.
This is a sample of a FortiAnalyzer system interface event log.
A.
This is a sample of a FortiAnalyzer system interface event log.
Answers
B.
This is a sample of an SNMP temperature control event log.
B.
This is a sample of an SNMP temperature control event log.
Answers
C.
This is a sample of a PAM event type.
C.
This is a sample of a PAM event type.
Answers
D.
This is a sample of FortiGate interface statistics.
D.
This is a sample of FortiGate interface statistics.
Answers
Suggested answer: C

Question 4

Report
Export
Collapse

Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)

A.
FortiNAC
A.
FortiNAC
Answers
B.
FortiManager
B.
FortiManager
Answers
C.
FortiAnalyzer
C.
FortiAnalyzer
Answers
D.
FortiSIEM
D.
FortiSIEM
Answers
E.
FortiGate
E.
FortiGate
Answers
Suggested answer: A, D, E

Explanation:

A) FortiNAC - FortiNAC is a network access control solution that provides visibility and control over network devices. It can identify devices, enforce access policies, and automate threat response.

D) FortiSIEM - FortiSIEM is a security information and event management solution that can collect and analyze data from multiple sources, including network devices and servers. It can help identify potential security threats, as well as monitor compliance with security policies and regulations.

E) FortiAnalyzer - FortiAnalyzer is a central logging and reporting solution that collects and analyzes data from multiple sources, including FortiNAC and FortiSIEM. It can provide insights into network activity and help identify anomalies or security threats.

Fortinet NSE 7 - OT Security 6.4 Study Guide, Chapter 4: OT Security Devices, page 4-20.

Question 5

Report
Export
Collapse

Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.

Which statement about the topology is true?

A.
PLCs use IEEE802.1Q protocol to communicate each other.
A.
PLCs use IEEE802.1Q protocol to communicate each other.
Answers
B.
An administrator can create firewall policies in the switch to secure between PLCs.
B.
An administrator can create firewall policies in the switch to secure between PLCs.
Answers
C.
This integration solution expands VLAN capabilities from Layer 2 to Layer 3.
C.
This integration solution expands VLAN capabilities from Layer 2 to Layer 3.
Answers
D.
There is no micro-segmentation in this topology.
D.
There is no micro-segmentation in this topology.
Answers
Suggested answer: D

Question 6

Report
Export
Collapse

In a wireless network integration, how does FortiNAC obtain connecting MAC address information?

A.
RADIUS
A.
RADIUS
Answers
B.
Link traps
B.
Link traps
Answers
C.
End station traffic monitoring
C.
End station traffic monitoring
Answers
D.
MAC notification traps
D.
MAC notification traps
Answers
Suggested answer: A

Explanation:

FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients that authenticate through the RADIUS server.

Fortinet NSE 7 - OT Security 6.4 Study Guide, Chapter 4: OT Security Devices, page 4-28.

Question 7

Report
Export
Collapse

Which three common breach points can be found in a typical OT environment? (Choose three.)

A.
Global hat
A.
Global hat
Answers
B.
Hard hat
B.
Hard hat
Answers
C.
VLAN exploits
C.
VLAN exploits
Answers
D.
Black hat
D.
Black hat
Answers
E.
RTU exploits
E.
RTU exploits
Answers
Suggested answer: B, D, E

Question 8

Report
Export
Collapse

Refer to the exhibit.

You are navigating through FortiSIEM in an OT network.

How do you view information presented in the exhibit and what does the FortiGate device security status tell you?

A.
In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
A.
In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
Answers
B.
In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.
B.
In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.
Answers
C.
In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.
C.
In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.
Answers
D.
In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.
D.
In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.
Answers
Suggested answer: B

Question 9

Report
Export
Collapse

An OT network administrator is trying to implement active authentication.

Which two methods should the administrator use to achieve this? (Choose two.)

A.
Two-factor authentication on FortiAuthenticator
A.
Two-factor authentication on FortiAuthenticator
Answers
B.
Role-based authentication on FortiNAC
B.
Role-based authentication on FortiNAC
Answers
C.
FSSO authentication on FortiGate
C.
FSSO authentication on FortiGate
Answers
D.
Local authentication on FortiGate
D.
Local authentication on FortiGate
Answers
Suggested answer: A, D

Question 10

Report
Export
Collapse

Refer to the exhibit.

An OT administrator ran a report to identify device inventory in an OT network.

Based on the report results, which report was run?

A.
A FortiSIEM CMDB report
A.
A FortiSIEM CMDB report
Answers
B.
A FortiAnalyzer device report
B.
A FortiAnalyzer device report
Answers
C.
A FortiSIEM incident report
C.
A FortiSIEM incident report
Answers
D.
A FortiSIEM analytics report
D.
A FortiSIEM analytics report
Answers
Suggested answer: A
Total 62 questions
Go to page: of 7
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms