Fortinet NSE7_OTS-7.2 Fortinet NSE 7 – OT Security 7.2 Online Training
The questions for NSE7_OTS-7.2 were last updated on Apr 26, 2024.
- Exam Code: NSE7_OTS-7.2
- Exam Name: Fortinet NSE 7 - OT Security 7.2
- Certification Provider: Fortinet
- Latest update: Apr 26, 2024
To increase security protection in an OT network, how does application control on FortiGate detect industrial traffic?
- A . By inspecting software and software-based vulnerabilities
- B . By inspecting applications only on nonprotected traffic
- C . By inspecting applications with more granularity by inspecting subapplication traffic
- D . By inspecting protocols used in the application traffic
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)
- A . SNMP
- B . ICMP
- C . API
- D . RADIUS
- E . TACACS
An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.
How can the OT network architect achieve this goal?
- A . Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.
- B . Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
- C . Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.
- D . Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?
- A . RADIUS
- B . Link traps
- C . End station traffic monitoring
- D . MAC notification traps
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.
What are two possible reasons why the report output was empty? (Choose two.)
- A . The administrator selected the wrong logs to be indexed in FortiAnalyzer.
- B . The administrator selected the wrong time period for the report.
- C . The administrator selected the wrong devices in the Devices section.
- D . The administrator selected the wrong hcache table for the report.
Refer to the exhibit.
PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.
What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?
- A . Set a unique forward domain for each interface of the software switch.
- B . Create a VLAN for each device and replace the current FGT-2 software switch members.
- C . Enable explicit intra-switch policy to require firewall policies on FGT-2.
- D . Implement policy routes on FGT-2 to control traffic between devices.
An OT network administrator is trying to implement active authentication.
Which two methods should the administrator use to achieve this? (Choose two.)
- A . Two-factor authentication on FortiAuthenticator
- B . Role-based authentication on FortiNAC
- C . FSSO authentication on FortiGate
- D . Local authentication on FortiGate
An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?
- A . Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
- B . Create a notification policy and define a script/remediation on FortiSIEM.
- C . Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
- D . Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.
Refer to the exhibit.
An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modbus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)
- A . The FortiGate-Edge device must be in NAT mode.
- B . NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
- C . The FortiGate devices is in offline IDS mode.
- D . Port5 is not a member of the software switch.
Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)
- A . FortiNAC
- B . FortiManager
- C . FortiAnalyzer
- D . FortiSIEM
- E . FortiGate