Fortinet

NSE7_OTS-7.2 Exam
NSE 7 Network Security Architect

Questions & Answers

(Demo Version - Limited Content)

Thank you for Downloading NSE7_OTS-7.2 exam PDF Demo

Get Full File:

https://certsteacher.com/nse7-ots-7-2-exam-dumps/
Exam Dumps 1/27

➢TOTAL QUESTIONS: 49

Question: 1

What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

A. Enhanced point of connection details

B. Direct VLAN assignment
C. Adapter consolidation for multi-adapter hosts
D. Importation and classification of hosts

Answer: AD
Explanation:

The two benefits of a Nozomi integration with FortiNAC are enhanced point of connection details and
importation and classification of hosts. Enhanced point of connection details allows for the
identification and separation of traffic from multiple points of connection, such as Wi-Fi, wired,
cellular, and VPN. Importation and classification of hosts allows for the automated importing and
classification of host and device information into FortiNAC. This allows for better visibility and control
of the network.

Question: 2

Which three criteria can a FortiGate device use to look for a matching firewall policy to process
traffic? (Choose three.)

A. Services defined in the firewall policy.

B. Source defined as internet services in the firewall policy
C. Lowest to highest policy ID number
D. Destination defined as internet services in the firewall policy
E. Highest to lowest priority defined in the firewall policy

Answer: ADE
Explanation:

The three criteria that a FortiGate device can use to look for a matching firewall policy to process
traffic are:

www.certsteacher.com
Exam Dumps 2/27

A) Services defined in the firewall policy - FortiGate devices can match firewall policies based on the
services defined in the policy, such as HTTP, FTP, or DNS.
D) Destination defined as internet services in the firewall policy - FortiGate devices can also match
firewall policies based on the destination of the traffic, including destination IP address, interface, or
internet services.
E) Highest to lowest priority defined in the firewall policy - FortiGate devices can prioritize firewall
policies based on the priority defined in the policy. The device will process traffic against the policy
with the highest priority first and move down the list until it finds a matching policy.
Reference:
Fortinet NSE 7 - Enterprise Firewall 6.4 Study Guide, Chapter 4: Policy Implementation, page 4-18.

Question: 3

Refer to the exhibit and analyze the output.

Which statement about the output is true?

A. This is a sample of a FortiAnalyzer system interface event log.

B. This is a sample of an SNMP temperature control event log.
C. This is a sample of a PAM event type.
D. This is a sample of FortiGate interface statistics.

Answer: C
Explanation:

Question: 4

Which three Fortinet products can be used for device identification in an OT industrial control system
(ICS)? (Choose three.)

A. FortiNAC
B. FortiManager
C. FortiAnalyzer
D. FortiSIEM
E. FortiGate

Answer: ADE
Explanation:

www.certsteacher.com
Exam Dumps 3/27

A) FortiNAC - FortiNAC is a network access control solution that provides visibility and control over
network devices. It can identify devices, enforce access policies, and automate threat response.
D) FortiSIEM - FortiSIEM is a security information and event management solution that can collect
and analyze data from multiple sources, including network devices and servers. It can help identify
potential security threats, as well as monitor compliance with security policies and regulations.
E) FortiAnalyzer - FortiAnalyzer is a central logging and reporting solution that collects and analyzes
data from multiple sources, including FortiNAC and FortiSIEM. It can provide insights into network
activity and help identify anomalies or security threats.
Reference:
Fortinet NSE 7 - OT Security 6.4 Study Guide, Chapter 4: OT Security Devices, page 4-20.

Question: 5

Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without
going through the firewall.

www.certsteacher.com
Exam Dumps 4/27

Which statement about the topology is true?

A. PLCs use IEEE802.1Q protocol to communicate each other.

B. An administrator can create firewall policies in the switch to secure between PLCs.
C. This integration solution expands VLAN capabilities from Layer 2 to Layer 3.
D. There is no micro-segmentation in this topology.

Answer: D
Explanation:

Question: 6
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?

A. RADIUS
B. Link traps
C. End station traffic monitoring
D. MAC notification traps

Answer: A
Explanation:

FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients
that authenticate through the RADIUS server.
Reference:
Fortinet NSE 7 - OT Security 6.4 Study Guide, Chapter 4: OT Security Devices, page 4-28.

Question: 7
Which three common breach points can be found in a typical OT environment? (Choose three.)

A. Global hat
B. Hard hat
C. VLAN exploits
D. Black hat
E. RTU exploits

Answer: B, D, E
Explanation:

Question: 8
Refer to the exhibit.

www.certsteacher.com
Exam Dumps 5/27

You are navigating through FortiSIEM in an OT network.

How do you view information presented in the exhibit and what does the FortiGate device security
status tell you?

A. In the PCI logging dashboard and there are one or more high-severity security incidents for the
FortiGate device.
B. In the summary dashboard and there are one or more high-severity security incidents for the
FortiGate device.
C. In the widget dashboard and there are one or more high-severity incidents for the FortiGate
device.
D. In the business service dashboard and there are one or more high-severity security incidents for
the FortiGate device.

Answer: B
Explanation:

Question: 9
An OT network administrator is trying to implement active authentication.
Which two methods should the administrator use to achieve this? (Choose two.)

A. Two-factor authentication on FortiAuthenticator

B. Role-based authentication on FortiNAC
C. FSSO authentication on FortiGate
D. Local authentication on FortiGate

Answer: A, D
Explanation:

Question: 10
Refer to the exhibit.

www.certsteacher.com
Exam Dumps 6/27

An OT administrator ran a report to identify device inventory in an OT network.

Based on the report results, which report was run?

A. A FortiSIEM CMDB report

B. A FortiAnalyzer device report
C. A FortiSIEM incident report
D. A FortiSIEM analytics report

Answer: A
Explanation:

Question: 11

An OT administrator deployed many devices to secure the OT network. However, the SOC team is
reporting that there are too many alerts, and that many of the alerts are false positive. The OT
administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves
time, and saves resources.
Which products should the administrator deploy to address these issues and automate most of the
manual tasks done by the SOC team?

A. FortiSIEM and FortiManager

B. FortiSandbox and FortiSIEM
C. FortiSOAR and FortiSIEM
D. A syslog server and FortiSIEM

Answer: C
Explanation:

Question: 12
Refer to the exhibit.

www.certsteacher.com
Exam Dumps 7/27

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft
FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?

A. You must use a FortiAuthenticator.

B. You must register the same FortiToken on more than one FortiGate.
C. You must use the user self-registration server.
D. You must use a third-party RADIUS OTP server.

Answer: A
Explanation:

Question: 13

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users
be authenticated against passive authentication first and, if passive authentication is not successful,
then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?

A. Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
B. Enable two-factor authentication with FSSO.
C. Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
D. Under config user settings configure set auth-on-demand implicit.

Answer: C
Explanation:

The OT supervisor should configure a firewall policy with FSSO users and place it on the top of list of
firewall policies in order to achieve the goal of authenticating users against passive authentication

www.certsteacher.com
Exam Dumps 8/27

first and, if passive authentication is not successful, then challenging them with active
authentication.

Question: 14

An OT network architect needs to secure control area zones with a single network access policy to
provision devices to any number of different networks.
On which device can this be accomplished?

A. FortiGate
B. FortiEDR
C. FortiSwitch
D. FortiNAC

Answer: A
Explanation:

An OT network architect can accomplish the goal of securing control area zones with a single
network access policy to provision devices to any number of different networks on a FortiGate
device.

Question: 15
Refer to the exhibit.

www.certsteacher.com
Exam Dumps 9/27

Based on the topology designed by the OT architect, which two statements about implementing OT
security are true? (Choose two.)

A. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol
sensors.
B. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of
FortiSwitch devices.
C. IT and OT networks are separated by segmentation.
D. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.

Answer: AC
Explanation:

Question: 16

Which three methods of communication are used by FortiNAC to gather visibility information?
(Choose three.)

A. SNMP
B. ICMP

www.certsteacher.com
Exam Dumps 10/27

C. API
D. RADIUS
E. TACACS

Answer: A, C, D
Explanation:

Question: 17
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process
control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two
VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then
through the FortiGate device in the Level 2 supervisory control network.
What statement about the traffic between PLC1 and PLC2 is true?

A. The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.
B. The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.
C. PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
D. In order to communicate, PLC1 must be in the same VLAN as PLC2.

Answer: C
Explanation:

The statement that is true about the traffic between PLC1 and PLC2 is that PLC1 and PLC2 traffic must
flow through the Layer-2 switch trunk link to the FortiGate device.

Question: 18

An OT administrator is defining an incident notification policy using FortiSIEM and would like to
configure the system with a notification policy. If an incident occurs, the administrator would like to
be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?

A. Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
B. Create a notification policy and define a script/remediation on FortiSIEM.
C. Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
D. Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Answer: B
Explanation:

https://fusecommunity.fortinet.com/blogs/silviu/2022/04/12/fortisiempublishingscript

Question: 19

When you create a user or host profile, which three criteria can you use? (Choose three.)

www.certsteacher.com
Exam Dumps 11/27

A. Host or user group memberships

B. Administrative group membership
C. An existing access control policy
D. Location
E. Host or user attributes

Answer: A, D, E
Explanation:

https://docs.fortinet.com/document/fortinac/9.2.0/administration-guide/15797/user-host-profiles

Question: 20

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

A. Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.
B. Deploy a FortiGate device within each ICS network.
C. Configure firewall policies with web filter to protect the different ICS networks.
D. Configure firewall policies with industrial protocol sensors
E. Use segmentation

Answer: A, C, D
Explanation:

Question: 21

www.certsteacher.com
Exam Dumps 12/27

An OT administrator has configured FSSO and local firewall authentication. A user who is part of a
user group is not prompted from credentials during authentication.
What is a possible reason?

A. FortiGate determined the user by passive authentication

B. The user was determined by Security Fabric
C. Two-factor authentication is not configured with RADIUS authentication method
D. FortiNAC determined the user by DHCP fingerprint method

Answer: A
Explanation:

Question: 22

Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

A. FortiGate is configured with forward-domains to reduce unnecessary traffic.

B. FortiGate is configured with forward-domains to forward only domain controller traffic.
C. FortiGate is configured with forward-domains to forward only company domain website traffic.
D. FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

Answer: A
Explanation:

Question: 23

An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and
block any unauthorized access to FortiGate devices in an OT network.
Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

A. You must set correct operator in event handler to trigger an event.

B. You can automate SOC tasks through playbooks.
C. Each playbook can include multiple triggers.
D. You cannot use Windows and Linux hosts security events with FortiSoC.

www.certsteacher.com
Exam Dumps 13/27

Answer: AB
Explanation:

Ref: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/268882/fortisoc

Question: 24

You are investigating a series of incidents that occurred in the OT network over past 24 hours in
FortiSIEM.
Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)

A. Security
B. IPS
C. List
D. Risk
E. Overview

Answer: C, D, E
Explanation:

Question: 25

Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

www.certsteacher.com
Exam Dumps 14/27

A. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
B. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain
D. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Answer: D
Explanation:

Question: 26

When device profiling rules are enabled, which devices connected on the network are evaluated by
the device profiling rules?

A. Known trusted devices, each time they change location

B. All connected devices, each time they connect
C. Rogue devices, only when they connect for the first time
D. Rogue devices, each time they connect

Answer: C
Explanation:

Question: 27

What two advantages does FortiNAC provide in the OT network? (Choose two.)

A. It can be used for IoT device detection.

B. It can be used for industrial intrusion detection and prevention.
C. It can be used for network micro-segmentation.
D. It can be used for device profiling.

Answer: A, D
Explanation:

Typically, in a microsegmented network, NGFWs are used in conjunction with VLANs to implement
security policies and to inspect and filter network communications. Fortinet FortiSwitch and
FortiGate NGFW offer an integrated approach to microsegmentation.

Question: 28
What triggers Layer 2 polling of infrastructure devices connected in the network?

A. A failed Layer 3 poll

B. A matched security policy
C. A matched profiling rule
D. A linkup or linkdown trap

www.certsteacher.com
Exam Dumps 15/27

Answer: D
Explanation:

Question: 29

An OT administrator configured and ran a default application risk and control report in FortiAnalyzer
to learn more about the key application crossing the network. However, the report output is empty
despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.
What are two possible reasons why the report output was empty? (Choose two.)

A. The administrator selected the wrong logs to be indexed in FortiAnalyzer.

B. The administrator selected the wrong time period for the report.
C. The administrator selected the wrong devices in the Devices section.
D. The administrator selected the wrong hcache table for the report.

Answer: B, C
Explanation:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/32cb817d-a307-11eb-
b70b-00505692583a/FortiAnalyzer-7.0.0-Administration_Guide.pdf

Question: 30

An OT supervisor needs to protect their network by implementing security with an industrial

signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?

A. A supervisor must purchase an industrial signature database and import it to the FortiGate.
B. An administrator must create their own database using custom signatures.
C. By default, the industrial database is enabled.
D. A supervisor can enable it through the FortiGate CLI.

Answer: D
Explanation:

Question: 31
Refer to the exhibit.

www.certsteacher.com
Exam Dumps 16/27

Based on the Purdue model, which three measures can be implemented in the control area zone
using the Fortinet Security Fabric? (Choose three.)

A. FortiGate for SD-WAN

B. FortiGate for application control and IPS
C. FortiNAC for network access control
D. FortiSIEM for security incident and event management
E. FortiEDR for endpoint detection

Answer: B, C, E
Explanation:

Question: 32
What can be assigned using network access control policies?

A. Layer 3 polling intervals

B. FortiNAC device polling methods
C. Logical networks
D. Profiling rules

Answer: C
Explanation:

Question: 33

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

A. It uses OSI Layer 2 and the primary device sends data based on request from secondary device.
B. It uses OSI Layer 2 and both the primary/secondary devices always send data during the
communication.
C. It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token
ring.
D. It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

www.certsteacher.com
Exam Dumps 17/27

Answer: D
Explanation:

Question: 34

Refer to the exhibit.

An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and
control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software
switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation
of traffic between client and server are true? (Choose two.)

A. The FortiGate-Edge device must be in NAT mode.

B. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
C. The FortiGate devices is in offline IDS mode.
D. Port5 is not a member of the software switch.

Answer: A, B
Explanation:

Question: 35
An OT network architect must deploy a solution to protect fuel pumps in an industrial remote
network. All the fuel pumps must be closely monitored from the corporate network for any
temperature fluctuations.
How can the OT network architect achieve this goal?

A. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern
temperature security rule on the corporate network.
B. Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern
temperature performance rule on the remote network.
C. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern
temperature performance rule on the corporate network.

www.certsteacher.com
Exam Dumps 18/27

D. Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on
the corporate network.

Answer: C
Explanation:

This way, FortiSIEM can discover and monitor everything attached to the remote network and
provide security visibility to the corporate network

Question: 36

Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1)
connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2
level.
What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

A. Set a unique forward domain for each interface of the software switch.
B. Create a VLAN for each device and replace the current FGT-2 software switch members.

www.certsteacher.com
Exam Dumps 19/27

C. Enable explicit intra-switch policy to require firewall policies on FGT-2.

D. Implement policy routes on FGT-2 to control traffic between devices.

Answer: A, B
Explanation:

Question: 37

As an OT network administrator, you are managing three FortiGate devices that each protect
different levels on the Purdue model. To increase traffic visibility, you are required to implement
additional security measures to detect exploits that affect PLCs.
Which security sensor must implement to detect these types of industrial exploits?

A. Intrusion prevention system (IPS)

B. Deep packet inspection (DPI)
C. Antivirus inspection
D. Application control

Answer: B
Explanation:

Question: 38
Refer to the exhibit.

www.certsteacher.com
Exam Dumps 20/27

An OT network security audit concluded that the application sensor requires changes to ensure the
correct security action is committed against the overrides filters.
Which change must the OT network administrator make?

A. Set all application categories to apply default actions.

B. Change the security action of the industrial category to monitor.
C. Set the priority of the C.BO.NA.1 signature override to 1.
D. Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Answer: C
Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow
you to configure the security action for each application category and network protocol override. The
security action determines how the FortiGate unit handles traffic that matches the application
category or network protocol override. The security action can be one of the following:
Allow: The FortiGate unit allows the traffic without any further inspection.
Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

www.certsteacher.com
Exam Dumps 21/27

Block: The FortiGate unit blocks the traffic and logs it as an attack.
The priority of the network protocol override determines the order in which the FortiGate unit
applies the security action to the traffic. The lower the priority number, the higher the priority. For
example, a priority of 1 is higher than a priority of 10.
In the exhibit, the application sensor has the following settings:
The industrial category has a security action of allow, which means that the FortiGate unit will not
inspect or log any traffic that belongs to this category.
The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block,
which means that the FortiGate unit will block and log any traffic that matches this protocol.
The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor,
which means that the FortiGate unit will allow and log any traffic that matches this protocol.
The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which
means that the FortiGate unit will not inspect or log any traffic that matches this protocol.
The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block,
which means that the FortiGate unit will block and log any traffic that matches this protocol.
The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol
override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol
override. This means that if the traffic matches both protocols, the FortiGate unit will apply the
security action of the higher priority override, which is block. However, the IEC.60870.5.104
Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT
devices. Therefore, blocking this protocol could have negative consequences for the OT network.
To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104
Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the
IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will
apply the security action of the lower priority override, which is allow, to the traffic that matches
both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to
transfer binary outputs, while still blocking the traffic that is used to transfer information.
1: NSE 7 Network Security Architect - Fortinet

Question: 39

Refer to the exhibits.

www.certsteacher.com
Exam Dumps 22/27

Which statement is true about the traffic passing through to PLC-2?

A. IPS must be enabled to inspect application signatures.

B. The application filter overrides the default action of some IEC 104 signatures.
C. IEC 104 signatures are all allowed except the C.BO.NA 1 signature.
D. SSL Inspection must be set to deep-inspection to correctly apply application control.

Answer: B
Explanation:

Question: 40
Refer to the exhibit.

www.certsteacher.com
Exam Dumps 23/27

An operational technology rule is created and successfully activated to monitor the Modbus protocol
on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application
logs being received correctly by FortiSIEM.
Which statement correctly describes the issue on the rule configuration?

A. The first condition on the SubPattern filter must use the OR logical operator.
B. The attributes in the Group By section must match the ones in Fitters section.
C. The Aggregate attribute COUNT expression is incompatible with the filters.
D. The SubPattern is missing the filter to match the Modbus protocol.

Answer: B
Explanation:

Question: 41

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the
secure gateway and is only allowing remote operators to access the ICS networks on site.
Management hires a third-party company to conduct health and safety on site. The third-party
company must have outbound access to external resources.
As the OT network administrator, what is the best scenario to provide external access to the third-
party company while continuing to secure the ICS networks?

www.certsteacher.com
Exam Dumps 24/27

A. Configure outbound security policies with limited active authentication users of the third-party
company.
B. Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS
network traffic.
C. Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for
the third-party company.
D. Implement an additional firewall using an additional upstream link to the internet.

Answer: C
Explanation:

Question: 42
Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS?
(Choose two.)

A. Modbus
B. NIST Cybersecurity
C. IEC 62443
D. IEC104

Answer: C, D
Explanation:

Question: 43

Which two statements about the Modbus protocol are true? (Choose two.)

A. Modbus uses UDP frames to transport MBAP and function codes.

B. Most of the PLC brands come with a built-in Modbus module.
C. You can implement Modbus networking settings on internetworking devices.
D. Modbus is used to establish communication between intelligent devices.

Answer: B, C
Explanation:

Question: 44
Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)

A. FortiGate receives traffic from configured port mirroring.

B. Network traffic goes through FortiGate.
C. FortiGate acts as network sensor.
D. Network attacks can be detected and blocked.

Answer: B, C

www.certsteacher.com
Exam Dumps 25/27

Explanation:

Question: 45
How can you achieve remote access and internel availability in an OT network?

A. Create a back-end backup network as a redundancy measure.

B. Implement SD-WAN to manage traffic on each ISP link.
C. Add additional internal firewalls to access OT devices.
D. Create more access policies to prevent unauthorized access.

Answer: B
Explanation:

Question: 46

Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is
designed to defend against intentional attacks?

A. Users with access to moderate resources

B. Users with low access to resources
C. Users with unintentional operator error
D. Users with substantial resources

Answer: C
Explanation:

Question: 47
The OT network analyst runs different level of reports to quickly explore threats that exploit the
network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting
method helps to identify these type of exploits of image firmware files?

A. CMDB reports
B. Threat hunting reports
C. Compliance reports
D. OT/loT reports

Answer: B
Explanation:

Question: 48
To increase security protection in an OT network, how does application control on ForliGate detect
industrial traffic?

www.certsteacher.com
Exam Dumps 26/27

A. By inspecting software and software-based vulnerabilities

B. By inspecting applications only on nonprotected traffic
C. By inspecting applications with more granularity by inspecting subapplication traffic
D. By inspecting protocols used in the application traffic

Answer: B
Explanation:

Question: 49

What are two critical tasks the OT network auditors must perform during OT network risk assessment
and management? (Choose two.)

A. Planning a threat hunting strategy

B. Implementing strategies to automatically bring PLCs offline
C. Creating disaster recovery plans to switch operations to a backup plant
D. Evaluating what can go wrong before it happens

Answer: B, C

www.certsteacher.com
Exam Dumps 27/27

Thank You for Being Our Valued Customer

We Hope You Enjoy Your Purchase
Fortinet NSE7_OTS-7.2 Exam Question & Answers
Fortinet NSE 7 - OT Security 7.2 Exam

www.certsteacher.com
 Thank You for trying NSE7_OTS-7.2 PDF Demo

https://certsteacher.com/nse7-ots-7-2-exam-dumps/

Start Your NSE7_OTS-7.2 Preparation

[Limited Time Offer] Use Coupon " Save25 " for extra 25%
discount the purchase of PDF file. Test your
NSE7_OTS-7.2 preparation with actual exam questions

www.certsteacher.com