Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors

NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Questions 4

Refer to the exhibit.

NSE7_OTS-7.2 Question 4

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.

What must you do to achieve this objective?

Options:

A.

You must use a FortiAuthenticator.

B.

You must register the same FortiToken on more than one FortiGate.

C.

You must use the user self-registration server.

D.

You must use a third-party RADIUS OTP server.

Buy Now
Questions 5

An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.

Which statement about the industrial signature database on FortiGate is true?

Options:

A.

A supervisor must purchase an industrial signature database and import it to the FortiGate.

B.

An administrator must create their own database using custom signatures.

C.

By default, the industrial database is enabled.

D.

A supervisor can enable it through the FortiGate CLI.

Buy Now
Questions 6

Which statemenl about the IEC 104 protocol is true?

Options:

A.

IEC 104 is used for telecontrol SCADA in electrical engineering applications.

B.

IEC 104 is IEC 101 compliant in old SCADA systems.

C.

IEC 104 protects data transmission between OT devices and services.

D.

IEC 104 uses non-TCP/IP standards.

Buy Now
Questions 7

Refer to the exhibit.

NSE7_OTS-7.2 Question 7

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

Options:

A.

The first condition on the SubPattern filter must use the OR logical operator.

B.

The attributes in the Group By section must match the ones in Fitters section.

C.

The Aggregate attribute COUNT expression is incompatible with the filters.

D.

The SubPattern is missing the filter to match the Modbus protocol.

Buy Now
Questions 8

As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.

Which security sensor must implement to detect these types of industrial exploits?

Options:

A.

Intrusion prevention system (IPS)

B.

Deep packet inspection (DPI)

C.

Antivirus inspection

D.

Application control

Buy Now
Questions 9

Which two statements about the Modbus protocol are true? (Choose two.)

Options:

A.

Modbus uses UDP frames to transport MBAP and function codes.

B.

Most of the PLC brands come with a built-in Modbus module.

C.

You can implement Modbus networking settings on internetworking devices.

D.

Modbus is used to establish communication between intelligent devices.

Buy Now
Questions 10

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.

Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources.

As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

Options:

A.

Configure outbound security policies with limited active authentication users of the third-party company.

B.

Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.

C.

Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.

D.

Implement an additional firewall using an additional upstream link to the internet.

Buy Now
Questions 11

Refer to the exhibit.

NSE7_OTS-7.2 Question 11

The IPS profile is added on all of the security policies on FortiGate.

For an OT network, which statement of the IPS profile is true?

Options:

A.

FortiGate has no IPS industrial signature database enabled.

B.

The listed IPS signatures are classified as SCADAapphcat nns

C.

All IPS signatures are overridden and must block traffic match signature patterns.

D.

The IPS profile inspects only traffic originating from SCADA equipment.

Buy Now
Questions 12

FortiAnalyzer is implemented in the OT network to receive logs from responsible FortiGate devices. The logs must be processed by FortiAnalyzer.

In this scenario, which statement is correct about the purpose of FortiAnalyzer receiving and processing multiple log messages from a given PLC or RTU?

Options:

A.

To isolate PLCs or RTUs in the event of external attacks

B.

To configure event handlers and take further action on FortiGate

C.

To determine which type of messages from the PLC or RTU causes issues in the plant

D.

To help OT administrators configure the network and prevent breaches

Buy Now
Questions 13

Refer to the exhibit.

NSE7_OTS-7.2 Question 13

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

Options:

A.

Set a unique forward domain on each interface on the network.

B.

Set FortiGate to operate in transparent mode.

C.

Set a software switch on FortiGate to handle inter-VLAN traffic.

D.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Buy Now
Questions 14

Which three common breach points can be found in a typical OT environment? (Choose three.)

Options:

A.

Global hat

B.

Hard hat

C.

VLAN exploits

D.

Black hat

E.

RTU exploits

Buy Now
Questions 15

The OT network analyst run different level of reports to quickly explore failures that could put the network at risk. Such reports can be about device performance. Which FortiSIEM reporting method helps to identify device failures?

Options:

A.

Business service reports

B.

Device inventory reports

C.

CMDB operational reports

D.

Active dependent rules reports

Buy Now
Questions 16

Refer to the exhibit.

NSE7_OTS-7.2 Question 16

Which statement about the interfaces shown in the exhibit is true?

Options:

A.

port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.

B.

The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.

C.

port1-vlan10 and port2-vlan10 are part of the same broadcast domain

D.

port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Buy Now
Questions 17

With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?

Options:

A.

Each traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

B.

The management VDOM must have access to all global security services.

C.

Each VDOM must have an independent security license.

D.

Traffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

Buy Now
Questions 18

Refer to the exhibit.

NSE7_OTS-7.2 Question 18

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Options:

A.

Edge

B.

Cloud

C.

Core

D.

Access

Buy Now
Exam Code: NSE7_OTS-7.2
Exam Name: Fortinet NSE 7 - OT Security 7.2
Last Update: Nov 21, 2024
Questions: 62

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now NSE7_OTS-7.2 testing engine

PDF (Q&A)

$31.5  $104.99
buy now NSE7_OTS-7.2 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Nov 2024