Fortinet NSE7_OTS-7.2 Exam Practice Test Instant Access

Question 1

[Industrial Protocols and Risk Assessment]

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

APlanning a threat hunting strategy

BImplementing strategies to automatically bring PLCs offline

CCreating disaster recovery plans to switch operations to a backup plant

DEvaluating what can go wrong before it happens

Answer : A, C

Question 2

[Fortinet Products for OT Security]

The OT network analyst runs different level of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these type of exploits of image firmware files?

ACMDB reports

BThreat hunting reports

CCompliance reports

DOT/loT reports

Answer : B

Question 3

[Industrial Protocols and Risk Assessment]

Refer to the exhibits.

Which statement is true about the traffic passing through to PLC-2?

AIPS must be enabled to inspect application signatures.

BThe application filter overrides the default action of some IEC 104 signatures.

CIEC 104 signatures are all allowed except the C.BO.NA 1 signature.

DSSL Inspection must be set to deep-inspection to correctly apply application control.

Answer : B

Question 4

[Fortinet Products for OT Security]

You are investigating a series of incidents that occurred in the OT network over past 24 hours in FortiSIEM.

Which three FortiSIEM options can you use to investigate these incidents? (Choose three.)

ASecurity

BIPS

CList

DRisk

EOverview

Answer : C, D, E

Question 5

[Fortinet Products for OT Security]

Refer to the exhibit.

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

AThe first condition on the SubPattern filter must use the OR logical operator.

BThe attributes in the Group By section must match the ones in Fitters section.

CThe Aggregate attribute COUNT expression is incompatible with the filters.

DThe SubPattern is missing the filter to match the Modbus protocol.

Answer : B

Question 6

[Fortinet Products for OT Security]

Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

Aport2, port2-vlan10, and port2-vlan1 are part of the software switch interface.

BThe VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.

Cport1-vlan10 and port2-vlan10 are part of the same broadcast domain

Dport1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Answer : D

Question 7

[Fortinet Products for OT Security]

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.

Which step must the administrator take to achieve this task?

AConfigure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.

BCreate a notification policy and define a script/remediation on FortiSIEM.

CDefine a script/remediation on FortiManager and enable a notification rule on FortiSIEM.

DDeploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Answer : B

Fortinet NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Exam Practice Test