Fortinet NSE7_OTS-7.2 Exam Practice Test Instant Access

Question 1

Which three Fortinet products can you use for device identification in an OT industrial control system (ICS)? (Choose three.)

AFortiSIEM

BFortiManager

CFortiAnalyzer

DFortiGate

EFortiNAC

Answer : A, D, E

Question 2

With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?

AEach traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

BThe management VDOM must have access to all global security services.

CEach VDOM must have an independent security license.

DTraffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

Answer : D

Question 3

Refer to the exhibit.

The IPS profile is added on all of the security policies on FortiGate.

For an OT network, which statement of the IPS profile is true?

AFortiGate has no IPS industrial signature database enabled.

BThe listed IPS signatures are classified as SCADAapphcat nns

CAll IPS signatures are overridden and must block traffic match signature patterns.

DThe IPS profile inspects only traffic originating from SCADA equipment.

Answer : B

Question 4

FortiAnalyzer is implemented in the OT network to receive logs from responsible FortiGate devices. The logs must be processed by FortiAnalyzer.

In this scenario, which statement is correct about the purpose of FortiAnalyzer receiving and processing multiple log messages from a given PLC or RTU?

ATo isolate PLCs or RTUs in the event of external attacks

BTo configure event handlers and take further action on FortiGate

CTo determine which type of messages from the PLC or RTU causes issues in the plant

DTo help OT administrators configure the network and prevent breaches

Answer : B

Question 5

A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.

With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

AEnable transparent mode on the edge FortiGate device.

BEnable security profiles on all interfaces connected in the control area zone.

CSet up VPN tunnels between downstream and edge FortiGate devices.

DCreate a software switch on each downstream FortiGate device.

Answer : C

Question 6

When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

AKnown trusted devices, each time they change location

BAll connected devices, each time they connect

CRogue devices, only when they connect for the first time

DRogue devices, each time they connect

Answer : C

Question 7

Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

Aport2, port2-vlan10, and port2-vlan1 are part of the software switch interface.

BThe VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.

Cport1-vlan10 and port2-vlan10 are part of the same broadcast domain

Dport1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Answer : D

Fortinet NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Exam Practice Test