New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Questions 4

An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted from credentials during authentication.

What is a possible reason?

Options:

A.

FortiGate determined the user by passive authentication

B.

The user was determined by Security Fabric

C.

Two-factor authentication is not configured with RADIUS authentication method

D.

FortiNAC determined the user by DHCP fingerprint method

Buy Now
Questions 5

An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.

On which device can this be accomplished?

Options:

A.

FortiGate

B.

FortiEDR

C.

FortiSwitch

D.

FortiNAC

Buy Now
Questions 6

With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?

Options:

A.

Each traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

B.

The management VDOM must have access to all global security services.

C.

Each VDOM must have an independent security license.

D.

Traffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

Buy Now
Questions 7

Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.

What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

Options:

A.

Set a unique forward domain for each interface of the software switch.

B.

Create a VLAN for each device and replace the current FGT-2 software switch members.

C.

Enable explicit intra-switch policy to require firewall policies on FGT-2.

D.

Implement policy routes on FGT-2 to control traffic between devices.

Buy Now
Questions 8

Which two statements about the Modbus protocol are true? (Choose two.)

Options:

A.

Modbus uses UDP frames to transport MBAP and function codes.

B.

Most of the PLC brands come with a built-in Modbus module.

C.

You can implement Modbus networking settings on internetworking devices.

D.

Modbus is used to establish communication between intelligent devices.

Buy Now
Questions 9

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.

What should the OT supervisor do to achieve this on FortiGate?

Options:

A.

Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.

B.

Enable two-factor authentication with FSSO.

C.

Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.

D.

Under config user settings configure set auth-on-demand implicit.

Buy Now
Questions 10

Refer to the exhibit.

An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.

Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

Options:

A.

The FortiGate-Edge device must be in NAT mode.

B.

NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.

C.

The FortiGate devices is in offline IDS mode.

D.

Port5 is not a member of the software switch.

Buy Now
Questions 11

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

Options:

A.

Planning a threat hunting strategy

B.

Implementing strategies to automatically bring PLCs offline

C.

Creating disaster recovery plans to switch operations to a backup plant

D.

Evaluating what can go wrong before it happens

Buy Now
Questions 12

Refer to the exhibit.

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

Options:

A.

Set a unique forward domain on each interface on the network.

B.

Set FortiGate to operate in transparent mode.

C.

Set a software switch on FortiGate to handle inter-VLAN traffic.

D.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Buy Now
Questions 13

Which three common breach points can be found in a typical OT environment? (Choose three.)

Options:

A.

Global hat

B.

Hard hat

C.

VLAN exploits

D.

Black hat

E.

RTU exploits

Buy Now
Questions 14

The OT network analyst run different level of reports to quickly explore failures that could put the network at risk. Such reports can be about device performance. Which FortiSIEM reporting method helps to identify device failures?

Options:

A.

Business service reports

B.

Device inventory reports

C.

CMDB operational reports

D.

Active dependent rules reports

Buy Now
Questions 15

Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is designed to defend against intentional attacks?

Options:

A.

Users with access to moderate resources

B.

Users with low access to resources

C.

Users with unintentional operator error

D.

Users with substantial resources

Buy Now
Questions 16

Refer to the exhibit.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

Options:

A.

Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.

B.

Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.

C.

IT and OT networks are separated by segmentation.

D.

FortiGate-3 and FortiGate-4 devices must be in a transparent mode.

Buy Now
Questions 17

Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

Options:

A.

FortiGate is configured with forward-domains to reduce unnecessary traffic.

B.

FortiGate is configured with forward-domains to forward only domain controller traffic.

C.

FortiGate is configured with forward-domains to forward only company domain website traffic.

D.

FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

Buy Now
Questions 18

Which statement is correct about processing matched rogue devices by FortiNAC?

Options:

A.

FortiNAC cannot revalidate matched devices.

B.

FortiNAC remembers the match ng rule of the rogue device

C.

FortiNAC disables matching rule of previously-profiled rogue devices.

D.

FortiNAC matches the rogue device with only one device profiling rule.

Buy Now
Exam Code: NSE7_OTS-7.2
Exam Name: Fortinet NSE 7 - OT Security 7.2
Last Update: Dec 23, 2024
Questions: 62
NSE7_OTS-7.2 pdf

NSE7_OTS-7.2 PDF

$25.5  $84.99
NSE7_OTS-7.2 Engine

NSE7_OTS-7.2 Testing Engine

$30  $99.99
NSE7_OTS-7.2 PDF + Engine

NSE7_OTS-7.2 PDF + Testing Engine

$40.5  $134.99