Fortinet NSE7_OTS-7.2 Exam Questions Instant Access

Question 1

Which two statements are true when you deploy FortiGate as an offline IDS? (Choose two.)

AFortiGate receives traffic from configured port mirroring.

BNetwork traffic goes through FortiGate.

CFortiGate acts as network sensor.

DNetwork attacks can be detected and blocked.

Answer : B, C

Question 2

Refer to the exhibit.

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.

What must you do to achieve this objective?

AYou must use a FortiAuthenticator.

BYou must register the same FortiToken on more than one FortiGate.

CYou must use the user self-registration server.

DYou must use a third-party RADIUS OTP server.

Answer : A

Question 3

Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS? (Choose two.)

AModbus

BNIST Cybersecurity

CIEC 62443

DIEC104

DIEC 104: Atelecontrol protocolfor SCADA (based on IEC 60870-5-104). It isnot a security framework.
FortiSIEM OT Monitoring Handbook:
'IEC 104 is used for data transmission in electrical grids. Like Modbus, it requires external security controls.'
Key Documentation Extracts
Fortinet OT Security Solution Guide (v7.2):
*'Industrial environments align with IEC 62443 for OT-specific controls and NIST CSF for risk governance. Protocols like Modbus/IEC 104 require additional hardening.'*
NSE 7 OT Security 7.2 Curriculum:
'IEC 62443 addresses OT asset discovery, segmentation, and threat detection. NIST CSF complements it with risk assessment methodologies.'

Answer : B, C

B . NIST Cybersecurity Framework (CSF)

Role: Provides a risk-based approach to manage cybersecurity for critical infrastructure (including ICS/SCADA/DCS).

Fortinet Reference:

Fortinet OT Security Solution Guide (v7.2): 'The NIST Cybersecurity Framework is widely adopted in OT environments to align security practices with business objectives, manage risks, and ensure resilience.' Page 12: 'Framework adoption (e.g., NIST CSF) helps organizations prioritize OT asset protection.'

C . IEC 62443

Role: International standardspecifically designedfor ICS/OT security, covering technical controls, processes, and risk management.

Fortinet Reference:

*Fortinet NSE 7 - OT Security 7.2 Study Guide*: 'IEC 62443 is the foundational standard for securing industrial automation and control systems (IACS), including SCADA and DCS. It defines security zones, conduits, and security levels (SLT).' *Module 4: 'IEC 62443 provides OT-specific security requirements not covered by IT frameworks.'*

Why Other Options Are Incorrect

A . Modbus: Acommunication protocol(not a framework) used in OT environments. It lacks security features and governance.

FortiGate OT Security Guide: 'Modbus is an unauthenticated, cleartext protocol vulnerable to eavesdropping. It is not a security framework.'

Question 4

You are investigating a series of incidents that occurred in the OT network over past 24 hours in FortiSIEM.

Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)

ASecurity

BIPS

CList

DRisk

EOverview

Answer : C, D, E

Question 5

What is the primary objective of implementing SD-WAN in operational technology (OT) networks'?

AReduce security risk and threat attacks

BRemove centralized network security policies

CEnhance network performance of OT applications

DReplace standard links with lower cost connections

Answer : C

Question 6

In a wireless network integration, how does FortiNAC obtain connecting MAC address information?

ARADIUS

BLink traps

CEnd station traffic monitoring

DMAC notification traps

Answer : A

FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients that authenticate through the RADIUS server.

Fortinet NSE 7 - OT Security 6.4 Study Guide, Chapter 4: OT Security Devices, page 4-28.

Question 7

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.

What should the OT supervisor do to achieve this on FortiGate?

AConfigure a firewall policy with LDAP users and place it on the top of list of firewall policies.

BEnable two-factor authentication with FSSO.

CConfigure a firewall policy with FSSO users and place it on the top of list of firewall policies.

DUnder config user settings configure set auth-on-demand implicit.

Answer : C

The OT supervisor should configure a firewall policy with FSSO users and place it on the top of list of firewall policies in order to achieve the goal of authenticating users against passive authentication first and, if passive authentication is not successful, then challenging them with active authentication.

Fortinet NSE 7 - OT Security 7.2 NSE7_OTS-7.2 Exam Questions