Fortinet NSE7_OTS-7.2 Exam Actual Questions

Name: Fortinet NSE 7 - OT Security 7.2
Brand: QA4Exam
SKU: NSE7_OTS-7.2
Price: 30 USD
Availability: InStock
Rating: 4.9 (405 reviews)

The questions for NSE7_OTS-7.2 were last updated on Oct 3, 2024.

Viewing page 1 out of 12 pages.
Viewing questions 1-5 out of 62 questions

Unlock Access to All 62 Questions & Answers

Question No. 1

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.

With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

AEnable transparent mode on the edge FortiGate device.

BEnable security profiles on all interfaces connected in the control area zone.

CSet up VPN tunnels between downstream and edge FortiGate devices.

DCreate a software switch on each downstream FortiGate device.

Show Answer

Correct Answer: C

Question No. 2

FortiAnalyzer is implemented in the OT network to receive logs from responsible FortiGate devices. The logs must be processed by FortiAnalyzer.

In this scenario, which statement is correct about the purpose of FortiAnalyzer receiving and processing multiple log messages from a given PLC or RTU?

ATo isolate PLCs or RTUs in the event of external attacks

BTo configure event handlers and take further action on FortiGate

CTo determine which type of messages from the PLC or RTU causes issues in the plant

DTo help OT administrators configure the network and prevent breaches

Show Answer

Correct Answer: B

Question No. 3

Refer to the exhibit.

The IPS profile is added on all of the security policies on FortiGate.

For an OT network, which statement of the IPS profile is true?

AFortiGate has no IPS industrial signature database enabled.

BThe listed IPS signatures are classified as SCADAapphcat nns

CAll IPS signatures are overridden and must block traffic match signature patterns.

DThe IPS profile inspects only traffic originating from SCADA equipment.

Show Answer

Correct Answer: B

Question No. 4

With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?

AEach traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

BThe management VDOM must have access to all global security services.

CEach VDOM must have an independent security license.

DTraffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

Show Answer

Correct Answer: D

Question No. 5

Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other.

Which two statements about the traffic between PCL-1 and PLC-2 are true? (Choose two.)

AThe switch on FGT-2 must be hardware to implement micro-segmentation.

BMicro-segmentation on FGT-2 prevents direct device-to-device communication.

CTraffic must be inspected by FGT-EDGE in OT networks.

DFGT-2 controls intra-VLAN traffic through firewall policies.

Show Answer

Correct Answer: B, D

Unlock All Questions for Fortinet NSE7_OTS-7.2 Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 62 Questions & Answers