NSE7_OTS-7.2 Exam Dumps - Fortinet NSE 7 Network Security Architect Questions and Answers

Question # 4

Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.

Which statement about the topology is true?

Options:

PLCs use IEEE802.1Q protocol to communicate each other.

An administrator can create firewall policies in the switch to secure between PLCs.

This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

There is no micro-segmentation in this topology.

Buy Now

Question # 5

Which three Fortinet products can you use for device identification in an OT industrial control system (ICS)? (Choose three.)

Options:

FortiSIEM

FortiManager

FortiAnalyzer

FortiGate

FortiNAC

Buy Now

Question # 6

Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.

Which change must the OT network administrator make?

Options:

Set all application categories to apply default actions.

Change the security action of the industrial category to monitor.

Set the priority of the C.BO.NA.1 signature override to 1.

Remove IEC.60870.5.104 Information.Transfer from the first filter override.

Buy Now

Answer:

Explanation:

According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:

Allow: The FortiGate unit allows the traffic without any further inspection.

Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.

Block: The FortiGate unit blocks the traffic and logs it as an attack.

The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.

In the exhibit, the application sensor has the following settings:

The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.

The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.

The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.

The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.

The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.

To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.

1: NSE 7 Network Security Architect - Fortinet

Question # 7

An OT administrator has configured FSSO and local firewall authentication. A user who is part of a user group is not prompted from credentials during authentication.

What is a possible reason?

Options:

FortiGate determined the user by passive authentication

The user was determined by Security Fabric

Two-factor authentication is not configured with RADIUS authentication method

FortiNAC determined the user by DHCP fingerprint method

Buy Now

Question # 8

Refer to the exhibit and analyze the output.

Which statement about the output is true?

Options:

This is a sample of a FortiAnalyzer system interface event log.

This is a sample of an SNMP temperature control event log.

This is a sample of a PAM event type.

This is a sample of FortiGate interface statistics.

Buy Now

Question # 9

An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.

Which statement about the industrial signature database on FortiGate is true?

Options:

A supervisor must purchase an industrial signature database and import it to the FortiGate.

An administrator must create their own database using custom signatures.

By default, the industrial database is enabled.

A supervisor can enable it through the FortiGate CLI.

Buy Now

Question # 10

An OT administrator is defining an incident notification policy using FortiSIEM and would like to configure the system with a notification policy. If an incident occurs, the administrator would like to be able to intervene and block an IP address or disable a user in Active Directory from FortiSIEM.

Which step must the administrator take to achieve this task?

Options:

Configure a fabric connector with a notification policy on FortiSIEM to connect with FortiGate.

Create a notification policy and define a script/remediation on FortiSIEM.

Define a script/remediation on FortiManager and enable a notification rule on FortiSIEM.

Deploy a mitigation script on Active Directory and create a notification policy on FortiSIEM.

Buy Now

Question # 11

To increase security protection in an OT network, how does application control on ForliGate detect industrial traffic?

Options:

By inspecting software and software-based vulnerabilities

By inspecting applications only on nonprotected traffic

By inspecting applications with more granularity by inspecting subapplication traffic

By inspecting protocols used in the application traffic

Buy Now

Question # 12

Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)

Options:

SNMP

ICMP

API

RADIUS

TACACS

Buy Now

Question # 13

Refer to the exhibit.

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

Options:

Set a unique forward domain on each interface on the network.

Set FortiGate to operate in transparent mode.

Set a software switch on FortiGate to handle inter-VLAN traffic.

Set a FortiGate interface with the switch to operate as an 802.1 q trunk.

Buy Now

Exam Code: NSE7_OTS-7.2

Exam Name: Fortinet NSE 7 - OT Security 7.2

Last Update: Oct 31, 2025

Questions: 69

NSE7_OTS-7.2 PDF

$25.5 ~~$84.99~~

Add to Cart

NSE7_OTS-7.2 Testing Engine

$28.5 ~~$94.99~~

Add to Cart

NSE7_OTS-7.2 PDF + Testing Engine

$40.5 ~~$134.99~~

Add to Cart

Big Halloween Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

certsboard certification exams

Navigation:

NSE7_OTS-7.2 Exam Dumps - Fortinet NSE 7 Network Security Architect Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

NSE7_OTS-7.2 PDF

NSE7_OTS-7.2 Testing Engine

NSE7_OTS-7.2 PDF + Testing Engine

Quick Links

Recently New Released Certification Exams

Site Secure