Fortinet NSE7_OTS-7.2 Fortinet NSE 7 – OT Security7.2 Online Training
Fortinet NSE7_OTS-7.2 Online Training
The questions for NSE7_OTS-7.2 were last updated at Jan 02,2025.
- Exam Code: NSE7_OTS-7.2
- Exam Name: Fortinet NSE 7 - OT Security7.2
- Certification Provider: Fortinet
- Latest update: Jan 02,2025
An OT administrator deployed many devices to secure the OT network. However, the SOC team is reporting that there are too many alerts, and that many of the alerts are false positive. The OT administrator would like to find a solution that eliminates repetitive tasks, improves efficiency, saves time, and saves resources.
Which products should the administrator deploy to address these issues and automate most of the manual tasks done by the SOC team?
- A . FortiSIEM and FortiManager
- B . FortiSandbox and FortiSIEM
- C . FortiSOAR and FortiSIEM
- D . A syslog server and FortiSIEM
Refer to the exhibit.
You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?
- A . You must use a FortiAuthenticator.
- B . You must register the same FortiToken on more than one FortiGate.
- C . You must use the user self-registration server.
- D . You must use a third-party RADIUS OTP server.
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.
What should the OT supervisor do to achieve this on FortiGate?
- A . Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.
- B . Enable two-factor authentication with FSSO.
- C . Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.
- D . Under config user settings configure set auth-on-demand implicit.
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?
- A . FortiGate
- B . FortiEDR
- C . FortiSwitch
- D . FortiNAC
Refer to the exhibit.
Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)
- A . Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.
- B . Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
- C . IT and OT networks are separated by segmentation.
- D . FortiGate-3 and FortiGate-4 devices must be in a transparent mode.
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)
- A . SNMP
- B . ICMP
- C . API
- D . RADIUS
- E . TACACS
An OT architect has deployed a Layer 2 switch in the OT network at Level 1 the Purdue model-process control. The purpose of the Layer 2 switch is to segment traffic between PLC1 and PLC2 with two VLANs. All the traffic between PLC1 and PLC2 must first flow through the Layer 2 switch and then through the FortiGate device in the Level 2 supervisory control network.
What statement about the traffic between PLC1 and PLC2 is true?
- A . The Layer 2 switch rewrites VLAN tags before sending traffic to the FortiGate device.
- B . The Layer 2 switches routes any traffic to the FortiGate device through an Ethernet link.
- C . PLC1 and PLC2 traffic must flow through the Layer-2 switch trunk link to the FortiGate device.
- D . In order to communicate, PLC1 must be in the same VLAN as PLC2.
An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?
- A . Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.
- B . Create a notification policy and define a script/remediation on FortiSIEM.
- C . Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.
- D . Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.
When you create a user or host profile, which three criteria can you use? (Choose three.)
- A . Host or user group memberships
- B . Administrative group membership
- C . An existing access control policy
- D . Location
- E . Host or user attributes
Refer to the exhibit, which shows a non-protected OT environment.
An administrator needs to implement proper protection on the OT network.
Which three steps should an administrator take to protect the OT network? (Choose three.)
- A . Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.
- B . Deploy a FortiGate device within each ICS network.
- C . Configure firewall policies with web filter to protect the different ICS networks.
- D . Configure firewall policies with industrial protocol sensors
- E . Use segmentation
Latest NSE7_OTS-7.2 Dumps Valid Version with 49 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
