NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Questions 4

Refer to the exhibit.

NSE7_OTS-7.2 Question 4

Which statement is true about application control inspection?

Options:

The industrial application control inspection process is unique among application categories.

Security actions cannot be applied on the lowest level of the hierarchy.

You can control security actions only on the parent-level application signature

The parent signature takes precedence over the child application signature.

Buy Now

Questions 5

Refer to the exhibit and analyze the output.

NSE7_OTS-7.2 Question 5

Which statement about the output is true?

Options:

This is a sample of a FortiAnalyzer system interface event log.

This is a sample of an SNMP temperature control event log.

This is a sample of a PAM event type.

This is a sample of FortiGate interface statistics.

Buy Now

Questions 6

Which three common breach points can you find in a typical OT environment? (Choose three.)

Options:

Black hat

VLAN exploits

Global hat

RTU exploits

Hard hat

Buy Now

Questions 7

Refer to the exhibit, which shows a non-protected OT environment.

NSE7_OTS-7.2 Question 7

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

Options:

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

Deploy a FortiGate device within each ICS network.

Configure firewall policies with web filter to protect the different ICS networks.

Configure firewall policies with industrial protocol sensors

Use segmentation

Buy Now

Questions 8

The OT network analyst runs different level of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these type of exploits of image firmware files?

Options:

CMDB reports

Threat hunting reports

Compliance reports

OT/loT reports

Buy Now

Questions 9

The OT network analyst run different level of reports to quickly explore failures that could put the network at risk. Such reports can be about device performance. Which FortiSIEM reporting method helps to identify device failures?

Options:

Business service reports

Device inventory reports

CMDB operational reports

Active dependent rules reports

Buy Now

Questions 10

in an operation technology (OT) network FortiAnalyzer is used to receive and process logs from responsible FortiGate devices

Which statement about why FortiAnalyzer is receiving and processing multiple tog messages from a given programmable logic controller (PLC) or remote terminal unit (RTU) is true'?

Options:

To determine which type of messages from the PLC or RTU causes issues in the plant

To isolate PLCs or RTUs in the event of external attacks

To help OT administrators troubleshoot and diagnose the OT network

To track external threats and prevent them attacking the OT network

Buy Now

Questions 11

Refer to the exhibit.

NSE7_OTS-7.2 Question 11

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other.

Which two statements about the traffic between PCL-1 and PLC-2 are true? (Choose two.)

Options:

The switch on FGT-2 must be hardware to implement micro-segmentation.

Micro-segmentation on FGT-2 prevents direct device-to-device communication.

Traffic must be inspected by FGT-EDGE in OT networks.

FGT-2 controls intra-VLAN traffic through firewall policies.

Buy Now

Questions 12

Which statement is correct about processing matched rogue devices by FortiNAC?

Options:

FortiNAC cannot revalidate matched devices.

FortiNAC remembers the match ng rule of the rogue device

FortiNAC disables matching rule of previously-profiled rogue devices.

FortiNAC matches the rogue device with only one device profiling rule.

Buy Now

Questions 13

Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic? (Choose three.)

Options:

Services defined in the firewall policy.

Source defined as internet services in the firewall policy

Lowest to highest policy ID number

Destination defined as internet services in the firewall policy

Highest to lowest priority defined in the firewall policy

Buy Now

Questions 14

Operational technology (OT) network analysts run different levels of reports to identify failures that could put the network at risk Some of these reports may be related to device performance

Which FortiSIEM reporting method helps identify device failures?

Options:

Device inventory reports

Payment card industry (PCI) logging reports

Configuration management database (CMDB) operational reports

Business service reports

Buy Now

Questions 15

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.

Which step must the administrator take to achieve this task?

Options:

Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.

Create a notification policy and define a script/remediation on FortiSIEM.

Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.

Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Buy Now

Questions 16

What two advantages does FortiNAC provide in the OT network? (Choose two.)

Options:

It can be used for IoT device detection.

It can be used for industrial intrusion detection and prevention.

It can be used for network micro-segmentation.

It can be used for device profiling.

Buy Now

Questions 17

Refer to the exhibit.

NSE7_OTS-7.2 Question 17

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Options:

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Buy Now

Answer:

Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1: NSE 7 Network Security Architect - Fortinet

Questions 18

To increase security protection in an OT network, how does application control on ForliGate detect industrial traffic?

Options:

By inspecting software and software-based vulnerabilities

By inspecting applications only on nonprotected traffic

By inspecting applications with more granularity by inspecting subapplication traffic

By inspecting protocols used in the application traffic

Buy Now

Questions 19

When you create a user or host profile, which three criteria can you use? (Choose three.)

Options:

Host or user group memberships

Administrative group membership

An existing access control policy

Location

Host or user attributes

Buy Now

Questions 20

An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.

What statement about the traffic between PLC1 and PLC2 is true?

Options:

The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.

The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.

PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.

In order to communicate, PLC1 must be in the same VLAN as PLC2.

Buy Now

Exam Code: NSE7_OTS-7.2

Exam Name: Fortinet NSE 7 - OT Security 7.2

Last Update: Oct 21, 2025

Questions: 69

PDF + Testing Engine

$63.52 ~~$181.49~~

Testing Engine

$50.57 ~~$144.49~~

PDF (Q&A)

$43.57 ~~$124.49~~

NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

PDF + Testing Engine

Testing Engine

PDF (Q&A)

Quick Links

Why Us

Unlimited Packages

Marks4sure

Site Secure