Weekend Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

Dumpsbuddy Logo
  1. Home
  2. Fortinet
  3. NSE 7 Network Security Architect
  4. NSE7_OTS-7.2
  5. Fortinet NSE 7 - OT Security 7.2 Questions and Answers

NSE7_OTS-7.2 Fortinet NSE 7 - OT Security 7.2 Questions and Answers

Questions 4

As an OT network administrator you are managing three FortiGate devices that each protect different levels on the Purdue model To increase traffic visibility you are required to implement additional security measures to detect protocols from PLCs

Which security sensor must you implement to detect protocols on the OT network?

Options:

A.

Endpoint Detection and Response (EDR)

B.

Deep packet inspection (DPI)

C.

Intrusion prevention system (IPS)

D.

Application control (AC)

Buy Now
Questions 5

When you create a user or host profile, which three criteria can you use? (Choose three.)

Options:

A.

Host or user group memberships

B.

Administrative group membership

C.

An existing access control policy

D.

Location

E.

Host or user attributes

Buy Now
Questions 6

Which statement is correct about processing matched rogue devices by FortiNAC?

Options:

A.

FortiNAC cannot revalidate matched devices.

B.

FortiNAC remembers the match ng rule of the rogue device

C.

FortiNAC disables matching rule of previously-profiled rogue devices.

D.

FortiNAC matches the rogue device with only one device profiling rule.

Buy Now
Questions 7

What can be assigned using network access control policies?

Options:

A.

Layer 3 polling intervals

B.

FortiNAC device polling methods

C.

Logical networks

D.

Profiling rules

Buy Now
Questions 8

Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)

Options:

A.

SNMP

B.

ICMP

C.

API

D.

RADIUS

E.

TACACS

Buy Now
Questions 9

How can you achieve remote access and internet availability in an OT network?

Options:

A.

Create a back-end backup network as a redundancy measure.

B.

Implement SD-WAN to manage traffic on each ISP link.

C.

Add additional internal firewalls to access OT devices.

D.

Create more access policies to prevent unauthorized access.

Buy Now
Questions 10

An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.

Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

Options:

A.

You must set correct operator in event handler to trigger an event.

B.

You can automate SOC tasks through playbooks.

C.

Each playbook can include multiple triggers.

D.

You cannot use Windows and Linux hosts security events with FortiSoC.

Buy Now
Questions 11

Refer to the exhibit.

NSE7_OTS-7.2 Question 11

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.

What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

Options:

A.

Set a unique forward domain for each interface of the software switch.

B.

Create a VLAN for each device and replace the current FGT-2 software switch members.

C.

Enable explicit intra-switch policy to require firewall policies on FGT-2.

D.

Implement policy routes on FGT-2 to control traffic between devices.

Buy Now
Questions 12

Refer to the exhibit.

NSE7_OTS-7.2 Question 12

You are assigned to implement a remote authentication server in the OT network.

Which part of the hierarchy should the authentication server be part of?

Options:

A.

Edge

B.

Cloud

C.

Core

D.

Access

Buy Now
Questions 13

Refer to the exhibit.

NSE7_OTS-7.2 Question 13

Given the configurations on the FortiGate, which statement is true?

Options:

A.

FortiGate is configured with forward-domains to reduce unnecessary traffic.

B.

FortiGate is configured with forward-domains to forward only domain controller traffic.

C.

FortiGate is configured with forward-domains to forward only company domain website traffic.

D.

FortiGate is configured with forward-domains to filter and drop non-domain controller traffic.

Buy Now
Questions 14

The OT network analyst runs different level of reports to quickly explore threats that exploit the network. Such reports can be run on all routers, switches, and firewalls. Which FortiSIEM reporting method helps to identify these type of exploits of image firmware files?

Options:

A.

CMDB reports

B.

Threat hunting reports

C.

Compliance reports

D.

OT/loT reports

Buy Now
Questions 15

To increase security protection in an OT network, how does application control on ForliGate detect industrial traffic?

Options:

A.

By inspecting software and software-based vulnerabilities

B.

By inspecting applications only on nonprotected traffic

C.

By inspecting applications with more granularity by inspecting subapplication traffic

D.

By inspecting protocols used in the application traffic

Buy Now
Questions 16

When device profiling rules are enabled, which devices connected on the network are evaluated by the device profiling rules?

Options:

A.

Known trusted devices, each time they change location

B.

All connected devices, each time they connect

C.

Rogue devices, only when they connect for the first time

D.

Rogue devices, each time they connect

Buy Now
Questions 17

Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)? (Choose three.)

Options:

A.

FortiNAC

B.

FortiManager

C.

FortiAnalyzer

D.

FortiSIEM

E.

FortiGate

Buy Now
Questions 18

in an operation technology (OT) network FortiAnalyzer is used to receive and process logs from responsible FortiGate devices

Which statement about why FortiAnalyzer is receiving and processing multiple tog messages from a given programmable logic controller (PLC) or remote terminal unit (RTU) is true'?

Options:

A.

To determine which type of messages from the PLC or RTU causes issues in the plant

B.

To isolate PLCs or RTUs in the event of external attacks

C.

To help OT administrators troubleshoot and diagnose the OT network

D.

To track external threats and prevent them attacking the OT network

Buy Now
Questions 19

Refer to the exhibit.

NSE7_OTS-7.2 Question 19

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.

What must you do to achieve this objective?

Options:

A.

You must use a FortiAuthenticator.

B.

You must register the same FortiToken on more than one FortiGate.

C.

You must use the user self-registration server.

D.

You must use a third-party RADIUS OTP server.

Buy Now
Questions 20

Which three common breach points can be found in a typical OT environment? (Choose three.)

Options:

A.

Global hat

B.

Hard hat

C.

VLAN exploits

D.

Black hat

E.

RTU exploits

Buy Now
Exam Code: NSE7_OTS-7.2
Exam Name: Fortinet NSE 7 - OT Security 7.2
Last Update: Oct 16, 2025
Questions: 69

PDF + Testing Engine

$134.99
buy now NSE7_OTS-7.2 pdf + testing engine

Testing Engine

$99.99
buy now NSE7_OTS-7.2 testing engine

PDF (Q&A)

$84.99
buy now NSE7_OTS-7.2 pdf