NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Questions 4

Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

Options:

FortiGate for SD-WAN

FortiGate for application control and IPS

FortiNAC for network access control

FortiSIEM for security incident and event management

FortiEDR for endpoint detection

Buy Now

Questions 5

How can you achieve remote access and internet availability in an OT network?

Options:

Create a back-end backup network as a redundancy measure.

Implement SD-WAN to manage traffic on each ISP link.

Add additional internal firewalls to access OT devices.

Create more access policies to prevent unauthorized access.

Buy Now

Questions 6

Refer to the exhibit.

You are navigating through FortiSIEM in an OT network.

How do you view information presented in the exhibit and what does the FortiGate device security status tell you?

Options:

In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.

In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.

In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.

In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.

Buy Now

Questions 7

Refer to the exhibit.

An OT administrator ran a report to identify device inventory in an OT network.

Based on the report results, which report was run?

Options:

A FortiSIEM CMDB report

A FortiAnalyzer device report

A FortiSIEM incident report

A FortiSIEM analytics report

Buy Now

Questions 8

Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Options:

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Buy Now

Answer:

Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1: NSE 7 Network Security Architect - Fortinet

Questions 9

Which statement is correct about processing matched rogue devices by FortiNAC?

Options:

FortiNAC cannot revalidate matched devices.

FortiNAC remembers the match ng rule of the rogue device

FortiNAC disables matching rule of previously-profiled rogue devices.

FortiNAC matches the rogue device with only one device profiling rule.

Buy Now

Questions 10

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.

What should the OT supervisor do to achieve this on FortiGate?

Options:

Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.

Enable two-factor authentication with FSSO.

Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.

Under config user settings configure set auth-on-demand implicit.

Buy Now

Questions 11

When you create a user or host profile, which three criteria can you use? (Choose three.)

Options:

Host or user group memberships

Administrative group membership

An existing access control policy

Location

Host or user attributes

Buy Now

Questions 12

What is the primary objective of implementing SD-WAN in operational technology (OT) networks'?

Options:

Reduce security risk and threat attacks

Remove centralized network security policies

Enhance network performance of OT applications

Replace standard links with lower cost connections

Buy Now

Questions 13

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.

Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources.

As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

Options:

Configure outbound security policies with limited active authentication users of the third-party company.

Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.

Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.

Implement an additional firewall using an additional upstream link to the internet.

Buy Now

Questions 14

Refer to the exhibits.

Which statement is true about the traffic passing through to PLC-2?

Options:

IPS must be enabled to inspect application signatures.

The application filter overrides the default action of some IEC 104 signatures.

IEC 104 signatures are all allowed except the C.BO.NA 1 signature.

SSL Inspection must be set to deep-inspection to correctly apply application control.

Buy Now

Questions 15

As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.

Which security sensor must implement to detect these types of industrial exploits?

Options:

Intrusion prevention system (IPS)

Deep packet inspection (DPI)

Antivirus inspection

Application control

Buy Now

Questions 16

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.

Which step must the administrator take to achieve this task?

Options:

Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.

Create a notification policy and define a script/remediation on FortiSIEM.

Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.

Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Buy Now

Questions 17

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.

With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

Options:

Enable transparent mode on the edge FortiGate device.

Enable security profiles on all interfaces connected in the control area zone.

Set up VPN tunnels between downstream and edge FortiGate devices.

Create a software switch on each downstream FortiGate device.

Buy Now

Questions 18

Refer to the exhibit.

An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.

Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

Options:

The FortiGate-Edge device must be in NAT mode.

NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.

The FortiGate devices is in offline IDS mode.

Port5 is not a member of the software switch.

Buy Now

Questions 19

FortiAnalyzer is implemented in the OT network to receive logs from responsible FortiGate devices. The logs must be processed by FortiAnalyzer.

In this scenario, which statement is correct about the purpose of FortiAnalyzer receiving and processing multiple log messages from a given PLC or RTU?

Options:

To isolate PLCs or RTUs in the event of external attacks

To configure event handlers and take further action on FortiGate

To determine which type of messages from the PLC or RTU causes issues in the plant

To help OT administrators configure the network and prevent breaches

Buy Now

Questions 20

Refer to the exhibit.

You are creating a new operational technology (OT) rule to monitor Modbus protocol traffic on FortiSIEM

Which action must you take to ensure that all Modbus messages on the network match the rule?

Options:

Add a new condition to filter Modbus traffic based on the source TCP/UDP port

The condition on the SubPattern filter must use the AND logical operator

the Aggregate section, set the attribute value to equal to or greater than 0

In the Group By section remove all attributes that are not configured in the Filter section

Buy Now

Exam Code: NSE7_OTS-7.2

Exam Name: Fortinet NSE 7 - OT Security 7.2

Last Update: Oct 25, 2025

Questions: 69

NSE7_OTS-7.2 PDF

$25.5 ~~$84.99~~

Add to Cart

NSE7_OTS-7.2 Testing Engine

$30 ~~$99.99~~

Add to Cart

NSE7_OTS-7.2 PDF + Testing Engine

$40.5 ~~$134.99~~

Add to Cart

Big Halloween Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

clapgeek logo

NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

NSE7_OTS-7.2 PDF

NSE7_OTS-7.2 Testing Engine

NSE7_OTS-7.2 PDF + Testing Engine

Quick Links

Recently New Released Certification Exams

Site Secure