1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_OTS-7.2
  5. Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Pass the Fortinet NSE 7 Network Security Architect NSE7_OTS-7.2 Questions and answers with CertsForce

 Fortinet Exams      Go to Exam Detail      Get Premium Access
Viewing page 2 out of 2 pages
Viewing questions 11-20 out of questions
Questions # 11:

Refer to the exhibit.

Question # 11

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.

What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

Options:
A.

Set a unique forward domain for each interface of the software switch.

B.

Create a VLAN for each device and replace the current FGT-2 software switch members.

C.

Enable explicit intra-switch policy to require firewall policies on FGT-2.

D.

Implement policy routes on FGT-2 to control traffic between devices.

Expert Solution
Questions # 12:

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

Options:
A.

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

B.

Deploy a FortiGate device within each ICS network.

C.

Configure firewall policies with web filter to protect the different ICS networks.

D.

Configure firewall policies with industrial protocol sensors

E.

Use segmentation

Expert Solution
Questions # 13:

As an OT network administrator you are managing three FortiGate devices that each protect different levels on the Purdue model To increase traffic visibility you are required to implement additional security measures to detect protocols from PLCs

Which security sensor must you implement to detect protocols on the OT network?

Options:
A.

Endpoint Detection and Response (EDR)

B.

Deep packet inspection (DPI)

C.

Intrusion prevention system (IPS)

D.

Application control (AC)

Expert Solution
Questions # 14:

Refer to the exhibits.

Question # 14

Which statement about some of the generated report elements from FortiAnalyzer is true?

Options:
A.

The report confirms Modbus and IEC 104 are the key applications crossing the network.

B.

FortiGate collects the logs and generates the report to FortiAnalyzer.

C.

The file types confirm the infected applications on the PLCs.

D.

This report is predefined and is not available for customization.

Expert Solution
Questions # 15:

Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

Options:
A.

FortiGate is configured with forward-domains to reduce unnecessary traffic.

B.

FortiGate is configured with forward-domains to forward only domain controller traffic.

C.

FortiGate is configured with forward-domains to forward only company domain website traffic.

D.

FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

Expert Solution
Questions # 16:

An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.

How can the OT network architect achieve this goal?

Options:
A.

Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.

B.

Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.

C.

Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.

D.

Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.

Expert Solution
Questions # 17:

Which three common breach points can be found in a typical OT environment? (Choose three.)

Options:
A.

Global hat

B.

Hard hat

C.

VLAN exploits

D.

Black hat

E.

RTU exploits

Expert Solution
Questions # 18:

Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

Options:
A.

FortiGate for SD-WAN

B.

FortiGate for application control and IPS

C.

FortiNAC for network access control

D.

FortiSIEM for security incident and event management

E.

FortiEDR for endpoint detection

Expert Solution
Questions # 19:

To increase security protection in an OT network, how does application control on ForliGate detect industrial traffic?

Options:
A.

By inspecting software and software-based vulnerabilities

B.

By inspecting applications only on nonprotected traffic

C.

By inspecting applications with more granularity by inspecting subapplication traffic

D.

By inspecting protocols used in the application traffic

Expert Solution
Questions # 20:

Which three Fortinet products can you use for device identification in an OT industrial control system (ICS)? (Choose three.)

Options:
A.

FortiSIEM

B.

FortiManager

C.

FortiAnalyzer

D.

FortiGate

E.

FortiNAC

Expert Solution
Viewing page 2 out of 2 pages
Viewing questions 11-20 out of questions