Fortinet NSE7_OTS-7.2 Exam Practice Test Instant Access

Question 1

[Fortinet Products for OT Security]

Refer to the exhibits.

Which statement about some of the generated report elements from FortiAnalyzer is true?

AThe report confirms Modbus and IEC 104 are the key applications crossing the network.

BFortiGate collects the logs and generates the report to FortiAnalyzer.

CThe file types confirm the infected applications on the PLCs.

DThis report is predefined and is not available for customization.

Answer : A

Question 2

[Fortinet Products for OT Security]

Which three common breach points can be found in a typical OT environment? (Choose three.)

AGlobal hat

BHard hat

CVLAN exploits

DBlack hat

ERTU exploits

Answer : B, D, E

Question 3

[Secure Access and Authentication]

An OT network administrator is trying to implement active authentication.

Which two methods should the administrator use to achieve this? (Choose two.)

ATwo-factor authentication on FortiAuthenticator

BRole-based authentication on FortiNAC

CFSSO authentication on FortiGate

DLocal authentication on FortiGate

Answer : A, D

Question 4

[Fortinet Products for OT Security]

Which statement is correct about processing matched rogue devices by FortiNAC?

AFortiNAC cannot revalidate matched devices.

BFortiNAC remembers the match ng rule of the rogue device

CFortiNAC disables matching rule of previously-profiled rogue devices.

DFortiNAC matches the rogue device with only one device profiling rule.

Answer : D

Question 5

[Fortinet Products for OT Security]

What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

AEnhanced point of connection details

BDirect VLAN assignment

CAdapter consolidation for multi-adapter hosts

DImportation and classification of hosts

Answer : C, D

Question 6

[Fortinet Products for OT Security]

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.

What should the OT supervisor do to achieve this on FortiGate?

AConfigure a firewall policy with LDAP users and place it on the top of list of firewall policies.

BEnable two-factor authentication with FSSO.

CConfigure a firewall policy with FSSO users and place it on the top of list of firewall policies.

DUnder config user settings configure set auth-on-demand implicit.

Answer : C

Question 7

[Industrial Protocols and Risk Assessment]

Refer to the exhibits.

Which statement is true about the traffic passing through to PLC-2?

AIPS must be enabled to inspect application signatures.

BThe application filter overrides the default action of some IEC 104 signatures.

CIEC 104 signatures are all allowed except the C.BO.NA 1 signature.

DSSL Inspection must be set to deep-inspection to correctly apply application control.

Answer : B

Fortinet NSE 7 - OT Security 7.2 NSE7_OTS-7.2 Exam Practice Test