Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Pass the Fortinet NSE 7 Network Security Architect NSE7_OTS-7.2 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.
Exam NSE7_OTS-7.2 Premium Access

View all detail and faqs for the NSE7_OTS-7.2 exam

Go to Exam

416 Students Passed

88% Average Score

98% Same Questions
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.

Which statement about the industrial signature database on FortiGate is true?

Options:

A.

A supervisor must purchase an industrial signature database and import it to the FortiGate.

B.

An administrator must create their own database using custom signatures.

C.

By default, the industrial database is enabled.

D.

A supervisor can enable it through the FortiGate CLI.

Questions # 2:

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.

With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

Options:

A.

Enable transparent mode on the edge FortiGate device.

B.

Enable security profiles on all interfaces connected in the control area zone.

C.

Set up VPN tunnels between downstream and edge FortiGate devices.

D.

Create a software switch on each downstream FortiGate device.

Questions # 3:

Which three common breach points can you find in a typical OT environment? (Choose three.)

Options:

A.

Black hat

B.

VLAN exploits

C.

Global hat

D.

RTU exploits

E.

Hard hat

Questions # 4:

An OT network administrator is trying to implement active authentication.

Which two methods should the administrator use to achieve this? (Choose two.)

Options:

A.

Two-factor authentication on FortiAuthenticator

B.

Role-based authentication on FortiNAC

C.

FSSO authentication on FortiGate

D.

Local authentication on FortiGate

Questions # 5:

Which three Fortinet products can you use for device identification in an OT industrial control system (ICS)? (Choose three.)

Options:

A.

FortiSIEM

B.

FortiManager

C.

FortiAnalyzer

D.

FortiGate

E.

FortiNAC

Questions # 6:

FortiAnalyzer is implemented in the OT network to receive logs from responsible FortiGate devices. The logs must be processed by FortiAnalyzer.

In this scenario, which statement is correct about the purpose of FortiAnalyzer receiving and processing multiple log messages from a given PLC or RTU?

Options:

A.

To isolate PLCs or RTUs in the event of external attacks

B.

To configure event handlers and take further action on FortiGate

C.

To determine which type of messages from the PLC or RTU causes issues in the plant

D.

To help OT administrators configure the network and prevent breaches

Questions # 7:

An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.

What are two possible reasons why the report output was empty? (Choose two.)

Options:

A.

The administrator selected the wrong logs to be indexed in FortiAnalyzer.

B.

The administrator selected the wrong time period for the report.

C.

The administrator selected the wrong devices in the Devices section.

D.

The administrator selected the wrong hcache table for the report.

Questions # 8:

What triggers Layer 2 polling of infrastructure devices connected in the network?

Options:

A.

A failed Layer 3 poll

B.

A matched security policy

C.

A matched profiling rule

D.

A linkup or linkdown trap

Questions # 9:

Refer to the exhibit.

Which statement is true about application control inspection?

Options:

A.

The industrial application control inspection process is unique among application categories.

B.

Security actions cannot be applied on the lowest level of the hierarchy.

C.

You can control security actions only on the parent-level application signature

D.

The parent signature takes precedence over the child application signature.

Questions # 10:

Which two statements about the Modbus protocol are true? (Choose two.)

Options:

A.

Modbus uses UDP frames to transport MBAP and function codes.

B.

Most of the PLC brands come with a built-in Modbus module.

C.

You can implement Modbus networking settings on internetworking devices.

D.

Modbus is used to establish communication between intelligent devices.

Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
TOP CODES

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25
ADM-201
Agentforce-Specialist
CMMC-CCP
Data-Cloud-Consultant
PCNSE
PDI
PSE-Strata-Pro-24
Secure-Software-Design
Sharing-and-Visibility-Architect
Workday-Pro-Integrations
ZDTA