Guaranteed Success in NSE 7 Network Security Architect NSE7_OTS-7.2 Exam Dumps [Q35-Q59]

Rate this post

Guaranteed Success in NSE 7 Network Security Architect NSE7_OTS-7.2 Exam Dumps

Fortinet NSE7_OTS-7.2 Daily Practice Exam New 2024 Updated 74 Questions

Fortinet NSE7_OTS-7.2 certification exam is an excellent opportunity for IT professionals to validate their skills and expertise in securing OT environments. Fortinet NSE 7 – OT Security 7.2 certification is designed to equip individuals with the necessary knowledge and skills to implement security solutions and respond to security incidents effectively. With the increasing demand for OT security professionals, the Fortinet NSE 7 – OT Security 7.2 certification can help individuals advance their career and open up new opportunities in the cybersecurity industry.

QUESTION 35
Refer to the exhibit.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.

Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.

IT and OT networks are separated by segmentation.

FortiGate-3 and FortiGate-4 devices must be in a transparent mode.

QUESTION 36
An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication. What should the OT supervisor do to achieve this on FortiGate?

Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.

Enable two-factor authentication with FSSO.

Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.

Under config user settings configure set auth-on-demand implicit.

QUESTION 37
What triggers Layer 2 polling of infrastructure devices connected in the network?

A failed Layer 3 poll

A matched security policy

A matched profiling rule

A linkup or linkdown trap

QUESTION 38
Refer to the exhibit.

You are assigned to implement a remote authentication server in the OT network.
Which part of the hierarchy should the authentication server be part of?

Edge

Cloud

Core

Access

QUESTION 39
Which statemenl about the IEC 104 protocol is true?

IEC 104 is used for telecontrol SCADA in electrical engineering applications.

IEC 104 is IEC 101 compliant in old SCADA systems.

IEC 104 protects data transmission between OT devices and services.

IEC 104 uses non-TCP/IP standards.

QUESTION 40
An administrator needs to group FortiGate wireless interfaces in NAT mode with multiple physical interfaces. What interface type must the administrator select to group multiple FortiGate interfaces with the wireless interface?

Aggregate interface

VLAN interface

Software switch interface

Redundant interface

QUESTION 41
Refer to the exhibit. An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

The FortiGate-Edge device must be in NAT mode.

NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.

The FortiGate devices is in offline IDS mode.

Port5 is not a member of the software switch.

QUESTION 42
How can you achieve remote access and internel availability in an OT network?

Create a back-end backup network as a redundancy measure.

Implement SD-WAN to manage traffic on each ISP link.

Add additional internal firewalls to access OT devices.

Create more access policies to prevent unauthorized access.

QUESTION 43
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?

RADIUS

Link traps

End station traffic monitoring

MAC notification traps

QUESTION 44
As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs. Which security sensor must implement to detect these types of industrial exploits?

Intrusion prevention system (IPS)

Deep packet inspection (DPI)

Antivirus inspection

Application control

QUESTION 45
When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

Known trusted devices, each time they change location

All connected devices, each time they connect

Rogue devices, only when they connect for the first time

Rogue devices, each time they connect

QUESTION 46
Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)?
(Choose three.)

FortiNAC

FortiManager

FortiAnalyzer

FortiSIEM

FortiGate

QUESTION 47
With the limit of using one firewall device, the administrator enables multi-VDOM on FortiGate to provide independent multiple security domains to each ICS network. Which statement ensures security protection is in place for all ICS networks?

Each traffic VDOM must have a direct connection to FortiGuard services to receive the required security updates.

The management VDOM must have access to all global security services.

Each VDOM must have an independent security license.

Traffic between VDOMs must pass through the physical interfaces of FortiGate to check for security incidents.

QUESTION 48
Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic?
(Choose three.)

Services defined in the firewall policy.

Source defined as internet services in the firewall policy

Lowest to highest policy ID number

Destination defined as internet services in the firewall policy

Highest to lowest priority defined in the firewall policy

QUESTION 49
Refer to the exhibit.

Given the configurations on the FortiGate, which statement is true?

FortiGate is configured with forward-domains to reduce unnecessary traffic.

FortiGate is configured with forward-domains to forward only domain controller traffic.

FortiGate is configured with forward-domains to forward only company domain website traffic.

FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

QUESTION 50
An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.
Which step must the administrator take to achieve this task?

Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.

Create a notification policy and define a script/remediation on FortiSIEM.

Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.

Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

QUESTION 51
A FortiGate device is newly deployed as the edge gateway of an OT network security fabric. The downstream FortiGate devices are also newly deployed as Security Fabric leafs to protect the control area zone.
With no additional essential networking devices, and to implement micro-segmentation on this OT network, what configuration must the OT network architect apply to control intra-VLAN traffic?

Enable transparent mode on the edge FortiGate device.

Enable security profiles on all interfaces connected in the control area zone.

Set up VPN tunnels between downstream and edge FortiGate devices.

Create a software switch on each downstream FortiGate device.

QUESTION 52
Refer to the exhibits.

Which statement is true about the traffic passing through to PLC-2?

IPS must be enabled to inspect application signatures.

The application filter overrides the default action of some IEC 104 signatures.

IEC 104 signatures are all allowed except the C.BO.NA 1 signature.

SSL Inspection must be set to deep-inspection to correctly apply application control.

QUESTION 53
Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.
Which change must the OT network administrator make?

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Explanation
According to the Fortinet NSE 7 – OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:
Allow: The FortiGate unit allows the traffic without any further inspection.
Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.
Block: The FortiGate unit blocks the traffic and logs it as an attack.
The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.
In the exhibit, the application sensor has the following settings:
The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.
The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.
The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.
The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.
To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.
1: NSE 7 Network Security Architect – Fortinet

QUESTION 54
The OT network analyst runs different level of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these type of exploits of image firmware files?

CMDB reports

Threat hunting reports

Compliance reports

OT/loT reports

QUESTION 55
Which three Fortinet products can you use for device identification in an OT industrial control system (ICS)? (Choose three.)

FortiSIEM

FortiManager

FortiAnalyzer

FortiGate

FortiNAC

QUESTION 56
Refer to the exhibit. You are navigating through FortiSIEM in an OT network. How do you view information presented in the exhibit and what does the FortiGate device security status tell you?

In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.

In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.

In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.

In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.

QUESTION 57
Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is designed to defend against intentional attacks?

Users with access to moderate resources

Users with low access to resources

Users with unintentional operator error

Users with substantial resources

QUESTION 58
What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

Planning a threat hunting strategy

Implementing strategies to automatically bring PLCs offline

Creating disaster recovery plans to switch operations to a backup plant

Evaluating what can go wrong before it happens

QUESTION 59
Refer to the exhibit. Which statement is true about application control inspection?

The industrial application control inspection process is unique among application categories.

Security actions cannot be applied on the lowest level of the hierarchy.

You can control security actions only on the parent-level application signature

The parent signature takes precedence over the child application signature.

Test Engine to Practice NSE7_OTS-7.2 Test Questions: https://www.dumpstorrent.com/NSE7_OTS-7.2-exam-dumps-torrent.html

Guaranteed Success in NSE 7 Network Security Architect NSE7_OTS-7.2 Exam Dumps [Q35-Q59]

admin

Leave a Reply Cancel reply