Weekend Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_OTS-7.2
  5. Fortinet NSE 7 - OT Security 7.2 Questions and Answers

NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Questions 4

Refer to the exhibit.

NSE7_OTS-7.2 Question 4

An operational technology rule is created and successfully activated to monitor the Modbus protocol on FortiSIEM. However, the rule does not trigger incidents despite Modbus traffic and application logs being received correctly by FortiSIEM.

Which statement correctly describes the issue on the rule configuration?

Options:

A.

The first condition on the SubPattern filter must use the OR logical operator.

B.

The attributes in the Group By section must match the ones in Fitters section.

C.

The Aggregate attribute COUNT expression is incompatible with the filters.

D.

The SubPattern is missing the filter to match the Modbus protocol.

Buy Now
Questions 5

What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

Options:

A.

Planning a threat hunting strategy

B.

Implementing strategies to automatically bring PLCs offline

C.

Creating disaster recovery plans to switch operations to a backup plant

D.

Evaluating what can go wrong before it happens

Buy Now
Questions 6

What two advantages does FortiNAC provide in the OT network? (Choose two.)

Options:

A.

It can be used for IoT device detection.

B.

It can be used for industrial intrusion detection and prevention.

C.

It can be used for network micro-segmentation.

D.

It can be used for device profiling.

Buy Now
Questions 7

Refer to the exhibit.

NSE7_OTS-7.2 Question 7

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Options:

A.

Edge

B.

Cloud

C.

Core

D.

Access

Buy Now
Questions 8

How can you achieve remote access and internet availability in an OT network?

Options:

A.

Create a back-end backup network as a redundancy measure.

B.

Implement SD-WAN to manage traffic on each ISP link.

C.

Add additional internal firewalls to access OT devices.

D.

Create more access policies to prevent unauthorized access.

Buy Now
Questions 9

Refer to the exhibit

NSE7_OTS-7.2 Question 9

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.

Which statement about the topology is true?

Options:

A.

PLCs use IEEE802.1Q protocol to communicate each other.

B.

An administrator can create firewall policies in the switch to secure between PLCs.

C.

This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

D.

There is no micro-segmentation in this topology.

Buy Now
Questions 10

Refer to the exhibits.

NSE7_OTS-7.2 Question 10

Which statement is true about the traffic passing through to PLC-2?

Options:

A.

IPS must be enabled to inspect application signatures.

B.

The application filter overrides the default action of some IEC 104 signatures.

C.

IEC 104 signatures are all allowed except the C.BO.NA 1 signature.

D.

SSL Inspection must be set to deep-inspection to correctly apply application control.

Buy Now
Questions 11

Refer to the exhibit.

NSE7_OTS-7.2 Question 11

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

Options:

A.

Set a unique forward domain on each interface on the network.

B.

Set FortiGate to operate in transparent mode.

C.

Set a software switch on FortiGate to handle inter-VLAN traffic.

D.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Buy Now
Questions 12

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

Options:

A.

It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

B.

It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.

C.

It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.

D.

It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

Buy Now
Questions 13

Operational technology (OT) network analysts run different levels of reports to identify failures that could put the network at risk Some of these reports may be related to device performance

Which FortiSIEM reporting method helps identify device failures?

Options:

A.

Device inventory reports

B.

Payment card industry (PCI) logging reports

C.

Configuration management database (CMDB) operational reports

D.

Business service reports

Buy Now
Questions 14

FortiAnalyzer is implemented in the OT network to receive logs from responsible FortiGate devices. The logs must be processed by FortiAnalyzer.

In this scenario, which statement is correct about the purpose of FortiAnalyzer receiving and processing multiple log messages from a given PLC or RTU?

Options:

A.

To isolate PLCs or RTUs in the event of external attacks

B.

To configure event handlers and take further action on FortiGate

C.

To determine which type of messages from the PLC or RTU causes issues in the plant

D.

To help OT administrators configure the network and prevent breaches

Buy Now
Questions 15

Refer to the exhibit.

NSE7_OTS-7.2 Question 15

Which statement about the interfaces shown in the exhibit is true?

Options:

A.

port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.

B.

The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.

C.

port1-vlan10 and port2-vlan10 are part of the same broadcast domain

D.

port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Buy Now
Questions 16

An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.

Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

Options:

A.

You must set correct operator in event handler to trigger an event.

B.

You can automate SOC tasks through playbooks.

C.

Each playbook can include multiple triggers.

D.

You cannot use Windows and Linux hosts security events with FortiSoC.

Buy Now
Questions 17

Refer to the exhibit.

NSE7_OTS-7.2 Question 17

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other.

Which two statements about the traffic between PCL-1 and PLC-2 are true? (Choose two.)

Options:

A.

The switch on FGT-2 must be hardware to implement micro-segmentation.

B.

Micro-segmentation on FGT-2 prevents direct device-to-device communication.

C.

Traffic must be inspected by FGT-EDGE in OT networks.

D.

FGT-2 controls intra-VLAN traffic through firewall policies.

Buy Now
Questions 18

What is the primary objective of implementing SD-WAN in operational technology (OT) networks'?

Options:

A.

Reduce security risk and threat attacks

B.

Remove centralized network security policies

C.

Enhance network performance of OT applications

D.

Replace standard links with lower cost connections

Buy Now
Questions 19

Refer to the exhibit.

NSE7_OTS-7.2 Question 19

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.

What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

Options:

A.

Set a unique forward domain for each interface of the software switch.

B.

Create a VLAN for each device and replace the current FGT-2 software switch members.

C.

Enable explicit intra-switch policy to require firewall policies on FGT-2.

D.

Implement policy routes on FGT-2 to control traffic between devices.

Buy Now
Questions 20

Refer to the exhibit.

NSE7_OTS-7.2 Question 20

The IPS profile is added on all of the security policies on FortiGate.

For an OT network, which statement of the IPS profile is true?

Options:

A.

FortiGate has no IPS industrial signature database enabled.

B.

The listed IPS signatures are classified as SCADA equipment.

C.

All IPS signatures are overridden and must block traffic match signature patterns.

D.

The IPS profile inspects only traffic originating from SCADA equipment.

Buy Now
Exam Code: NSE7_OTS-7.2
Exam Name: Fortinet NSE 7 - OT Security 7.2
Last Update: Jul 5, 2025
Questions: 69

PDF + Testing Engine

$49.5  $164.99
buy now NSE7_OTS-7.2 pdf + testing engine

Testing Engine

$37.5  $124.99
buy now NSE7_OTS-7.2 testing engine

PDF (Q&A)

$31.5  $104.99
buy now NSE7_OTS-7.2 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 13 Jul 2025