NSE7_OTS-7.2 Questions and Answers

Question # 6

An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.

Which statement about the industrial signature database on FortiGate is true?

A supervisor must purchase an industrial signature database and import it to the FortiGate.

An administrator must create their own database using custom signatures.

By default, the industrial database is enabled.

A supervisor can enable it through the FortiGate CLI.

Full Access

Question # 7

Refer to the exhibit, which shows a non-protected OT environment.

An administrator needs to implement proper protection on the OT network.

Which three steps should an administrator take to protect the OT network? (Choose three.)

Deploy an edge FortiGate between the internet and an OT network as a one-arm sniffer.

Deploy a FortiGate device within each ICS network.

Configure firewall policies with web filter to protect the different ICS networks.

Configure firewall policies with industrial protocol sensors

Use segmentation

Full Access

Question # 8

Refer to the exhibit.

An OT administrator ran a report to identify device inventory in an OT network.

Based on the report results, which report was run?

A FortiSIEM CMDB report

A FortiAnalyzer device report

A FortiSIEM incident report

A FortiSIEM analytics report

Full Access

Question # 9

Refer to the exhibit.

The IPS profile is added on all of the security policies on FortiGate.

For an OT network, which statement of the IPS profile is true?

FortiGate has no IPS industrial signature database enabled.

The listed IPS signatures are classified as SCADA equipment.

All IPS signatures are overridden and must block traffic match signature patterns.

The IPS profile inspects only traffic originating from SCADA equipment.

Full Access

Question # 10

Refer to the exhibit.

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Edge

Cloud

Core

Access

Full Access

Question # 11

Which statement about the IEC 104 protocol is true?

IEC 104 is used for telecontrol SCADA in electrical engineering applications.

IEC 104 is IEC 101 compliant in old SCADA systems.

IEC 104 protects data transmission between OT devices and services.

IEC 104 uses non-TCP/IP standards.

Full Access

Question # 12

Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Full Access

Answer:

Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1: NSE 7 Network Security Architect - Fortinet

Question # 13

What is the primary objective of implementing SD-WAN in operational technology (OT) networks'?

Reduce security risk and threat attacks

Remove centralized network security policies

Enhance network performance of OT applications

Replace standard links with lower cost connections

Full Access

Question # 14

Refer to the exhibit.

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

Set a unique forward domain on each interface on the network.

Set FortiGate to operate in transparent mode.

Set a software switch on FortiGate to handle inter-VLAN traffic.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Full Access

Question # 15

As an OT administrator, it is important to understand how industrial protocols work in an OT network.

Which communication method is used by the Modbus protocol?

It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.

It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.

It uses OSI Layer 2 and the secondary device sends data based on request from primary device.

Full Access

Question # 16

Which two statements about the Modbus protocol are true? (Choose two.)

Modbus uses UDP frames to transport MBAP and function codes.

Most of the PLC brands come with a built-in Modbus module.

You can implement Modbus networking settings on internetworking devices.

Modbus is used to establish communication between intelligent devices.

Full Access

Question # 17

Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS? (Choose two.)

Modbus

NIST Cybersecurity

IEC 62443

IEC104

Full Access

Answer:

B, C

Explanation:

B. NIST Cybersecurity Framework (CSF)

Role: Provides a risk-based approach to manage cybersecurity for critical infrastructure (including ICS/SCADA/DCS).

Fortinet Reference:

Fortinet OT Security Solution Guide (v7.2):

"The NIST Cybersecurity Framework is widely adopted in OT environments to align security practices with business objectives, manage risks, and ensure resilience."

Page 12: "Framework adoption (e.g., NIST CSF) helps organizations prioritize OT asset protection."

C. IEC 62443

Role: International standard specifically designed for ICS/OT security, covering technical controls, processes, and risk management.

Fortinet Reference:

*Fortinet NSE 7 - OT Security 7.2 Study Guide*:

"IEC 62443 is the foundational standard for securing industrial automation and control systems (IACS), including SCADA and DCS. It defines security zones, conduits, and security levels (SLT)."

*Module 4: "IEC 62443 provides OT-specific security requirements not covered by IT frameworks."*

Why Other Options Are Incorrect

A. Modbus: A communication protocol (not a framework) used in OT environments. It lacks security features and governance.

FortiGate OT Security Guide:

"Modbus is an unauthenticated, cleartext protocol vulnerable to eavesdropping. It is not a security framework."

D. IEC 104: A telecontrol protocol for SCADA (based on IEC 60870-5-104). It is not a security framework.

FortiSIEM OT Monitoring Handbook:

"IEC 104 is used for data transmission in electrical grids. Like Modbus, it requires external security controls."

Key Documentation Extracts

Fortinet OT Security Solution Guide (v7.2):

*"Industrial environments align with IEC 62443 for OT-specific controls and NIST CSF for risk governance. Protocols like Modbus/IEC 104 require additional hardening."*

NSE 7 OT Security 7.2 Curriculum:

"IEC 62443 addresses OT asset discovery, segmentation, and threat detection. NIST CSF complements it with risk assessment methodologies."

Question # 18

An OT supervisor has configured LDAP and FSSO for the authentication. The goal is that all the users be authenticated against passive authentication first and, if passive authentication is not successful, then users should be challenged with active authentication.

What should the OT supervisor do to achieve this on FortiGate?

Configure a firewall policy with LDAP users and place it on the top of list of firewall policies.

Enable two-factor authentication with FSSO.

Configure a firewall policy with FSSO users and place it on the top of list of firewall policies.

Under config user settings configure set auth-on-demand implicit.

Full Access

Question # 19

Refer to the exhibit and analyze the output.

Which statement about the output is true?

This is a sample of a FortiAnalyzer system interface event log.

This is a sample of an SNMP temperature control event log.

This is a sample of a PAM event type.

This is a sample of FortiGate interface statistics.

Full Access

Question # 20

Which type of attack posed by skilled and malicious users of security level 4 (SL 4) of IEC 62443 is designed to defend against intentional attacks?

Users with access to moderate resources

Users with low access to resources

Users with unintentional operator error

Users with substantial resources

Full Access

Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

DumpsTool Header

dumpstool logo

NSE7_OTS-7.2 Questions and Answers

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Quick Links

Why Us

Updated Exams

Site Secure

Footer