Get Sep-2024 updated NSE7_OTS-7.2 Certification Exam Sample Questions [Q23-Q39]


NEW QUESTION # 23
Which statement about the IEC 104 protocol is true?

  • A. IEC 104 uses non-TCP/IP standards.
  • B. IEC 104 is used for telecontrol SCADA in electrical engineering applications.
  • C. IEC 104 is IEC 101 compliant in old SCADA systems.
  • D. IEC 104 protects data transmission between OT devices and services.

Answer: B


NEW QUESTION # 24
How can you achieve remote access and internet availability in an OT network?

  • A. Create a back-end backup network as a redundancy measure.
  • B. Add additional internal firewalls to access OT devices.
  • C. Implement SD-WAN to manage traffic on each ISP link.
  • D. Create more access policies to prevent unauthorized access.

Answer: C


NEW QUESTION # 25
How can you achieve remote access and internet availability in an OT network?

  • A. Create a back-end backup network as a redundancy measure.
  • B. Add additional internal firewalls to access OT devices.
  • C. Implement SD-WAN to manage traffic on each ISP link.
  • D. Create more access policies to prevent unauthorized access.

Answer: C


NEW QUESTION # 26
Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the override filters.
Which change must the OT network administrator make?

  • A. Change the security action of the industrial category to monitor.
  • B. Remove IEC.60870.5.104 Information.Transfer from the first filter override.
  • C. Set all application categories to apply default actions.
  • D. Set the priority of the C.BO.NA.1 signature override to 1.

Answer: D

Explanation:
According to the Fortinet NSE 7 - OT Security 6.4 exam guide [1], the application sensor settings allow you to configure the security action for each application category and network protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:
* Allow: The FortiGate unit allows the traffic without any further inspection.
* Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.
* Block: The FortiGate unit blocks the traffic and logs it as an attack.
The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.
In the exhibit, the application sensor has the following settings:
* The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.
* The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
* The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.
* The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.
* The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.
To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.
1: NSE 7 Network Security Architect - Fortinet


NEW QUESTION # 27
When you create a user or host profile, which three criteria can you use? (Choose three.)

  • A. Host or user group memberships
  • B. Host or user attributes
  • C. Location
  • D. Administrative group membership
  • E. An existing access control policy

Answer: A,B,C

Explanation:
https://docs.fortinet.com/document/fortinac/9.2.0/administration-guide/15797/user-host-profiles


NEW QUESTION # 28
Refer to the exhibit.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.
Which statement correctly describes the issue on the rule configuration?

  • A. The first condition on the SubPattern filter must use the OR logical operator.
  • B. The SubPattern is missing the filter to match the Modbus protocol.
  • C. The Aggregate attribute COUNT expression is incompatible with the filters.
  • D. The attributes in the Group By section must match the ones in Filters section.

Answer: D


NEW QUESTION # 29
Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

  • A. FortiNAC for network access control
  • B. FortiGate for SD-WAN
  • C. FortiGate for application control and IPS
  • D. FortiEDR for endpoint detection
  • E. FortiSIEM for security incident and event management

Answer: A,C,D


NEW QUESTION # 30
Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the override filters.
Which change must the OT network administrator make?

  • A. Change the security action of the industrial category to monitor.
  • B. Set the priority of the C.BO.NA.1 signature override to 1.
  • C. Set all application categories to apply default actions.
  • D. Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Answer: D

Explanation:
According to the Fortinet NSE 7 - OT Security 6.4 exam guide [1], the application sensor settings allow you to configure the security action for each application category and network protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:
* Allow: The FortiGate unit allows the traffic without any further inspection.
* Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.
* Block: The FortiGate unit blocks the traffic and logs it as an attack.
The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.
In the exhibit, the application sensor has the following settings:
* The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.
* The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
* The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.
* The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.
* The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.
To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.
1: NSE 7 Network Security Architect - Fortinet


NEW QUESTION # 31
An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted for credentials during authentication.
What is a possible reason?

  • A. FortiGate determined the user by passive authentication
  • B. Two-factor authentication is not configured with RADIUS authentication method
  • C. FortiNAC determined the user by DHCP fingerprint method
  • D. The user was determined by Security Fabric

Answer: A


NEW QUESTION # 32
Refer to the exhibit.

An OT architect has implemented Modbus TCP with the simulation server Conpot to identify and control the Modbus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

  • A. The FortiGate device is in offline IDS mode.
  • B. The FortiGate-Edge device must be in NAT mode.
  • C. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
  • D. Port5 is not a member of the software switch.

Answer: B,C


NEW QUESTION # 33
What two advantages does FortiNAC provide in the OT network? (Choose two.)

  • A. It can be used for industrial intrusion detection and prevention.
  • B. It can be used for IoT device detection.
  • C. It can be used for network micro-segmentation.
  • D. It can be used for device profiling.

Answer: B,D

Explanation:
Typically, in a microsegmented network, NGFWs are used in conjunction with VLANs to implement security policies and to inspect and filter network communications. Fortinet FortiSwitch and FortiGate NGFW offer an integrated approach to microsegmentation.


NEW QUESTION # 34
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key applications crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.
What are two possible reasons why the report output was empty? (Choose two.)

  • A. The administrator selected the wrong time period for the report.
  • B. The administrator selected the wrong logs to be indexed in FortiAnalyzer.
  • C. The administrator selected the wrong hcache table for the report.
  • D. The administrator selected the wrong devices in the Devices section.

Answer: A,D

Explanation:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/32cb817d-a307-11eb-b70b-0050569258


NEW QUESTION # 35
An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.
Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

  • A. Each playbook can include multiple triggers.
  • B. You can automate SOC tasks through playbooks.
  • C. You must set the correct operator in the event handler to trigger an event.
  • D. You cannot use Windows and Linux hosts security events with FortiSoC.

Answer: B,C

Explanation:
Ref: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/268882/fortisoc


NEW QUESTION # 36
Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other.
Which two statements about the traffic between PLC-1 and PLC-2 are true? (Choose two.)

  • A. The switch on FGT-2 must be hardware to implement micro-segmentation.
  • B. Traffic must be inspected by FGT-EDGE in OT networks.
  • C. Micro-segmentation on FGT-2 prevents direct device-to-device communication.
  • D. FGT-2 controls intra-VLAN traffic through firewall policies.

Answer: C,D


NEW QUESTION # 37
Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

  • A. port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.
  • B. The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.
  • C. port1-vlan10 and port2-vlan10 are part of the same broadcast domain
  • D. port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Answer: D


NEW QUESTION # 38
Refer to the exhibit.

For a FortiGate device to act as a router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

  • A. Set FortiGate to operate in transparent mode.
  • B. Set a software switch on FortiGate to handle inter-VLAN traffic.
  • C. Set a FortiGate interface with the switch to operate as an 802.1Q trunk.
  • D. Set a unique forward domain on each interface on the network.

Answer: C

