[Jan-2025] NSE7_OTS-7.2 Pre-Exam Practice Tests Exam Questions and Answers for NSE 7 Network Security Architect Study Guide [Q33-Q51]

Fortinet NSE 7 - OT Security 7.2 Certification Sample Questions

NEW QUESTION # 33
Which three methods of communication are used by FortiNAC to gather visibility information? (Choose three.)

  • A. API
  • B. SNMP
  • C. RADIUS
  • D. TACACS
  • E. ICMP

Answer: A,B,C


NEW QUESTION # 34
An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.
Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)

  • A. You cannot use Windows and Linux hosts security events with FortiSoC.
  • B. You can automate SOC tasks through playbooks.
  • C. Each playbook can include multiple triggers.
  • D. You must set the correct operator in the event handler to trigger an event.

Answer: B,D

Explanation:
Ref: https://docs.fortinet.com/document/fortianalyzer/7.0.0/administration-guide/268882/fortisoc


NEW QUESTION # 35
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?

  • A. FortiEDR
  • B. FortiGate
  • C. FortiSwitch
  • D. FortiNAC

Answer: B

Explanation:
An OT network architect can accomplish the goal of securing control area zones with a single network access policy to provision devices to any number of different networks on a FortiGate device.


NEW QUESTION # 36
To increase security protection in an OT network, how does application control on FortiGate detect industrial traffic?

  • A. By inspecting protocols used in the application traffic
  • B. By inspecting software and software-based vulnerabilities
  • C. By inspecting applications with more granularity by inspecting subapplication traffic
  • D. By inspecting applications only on nonprotected traffic

Answer: D


NEW QUESTION # 37
As an OT administrator, it is important to understand how industrial protocols work in an OT network. Which communication method is used by the Modbus protocol?

  • A. It uses OSI Layer 2 and the secondary device sends data based on request from primary device.
  • B. It uses OSI Layer 2 and both the primary/secondary devices send data based on a matching token ring.
  • C. It uses OSI Layer 2 and both the primary/secondary devices always send data during the communication.
  • D. It uses OSI Layer 2 and the primary device sends data based on request from secondary device.

Answer: A


NEW QUESTION # 38
Refer to the exhibit.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

  • A. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
  • B. IT and OT networks are separated by segmentation.
  • C. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.
  • D. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.

Answer: B,D


NEW QUESTION # 39
Refer to the exhibit.

You are navigating through FortiSIEM in an OT network.
How do you view information presented in the exhibit and what does the FortiGate device security status tell you?

  • A. In the summary dashboard and there are one or more high-severity security incidents for the FortiGate device.
  • B. In the PCI logging dashboard and there are one or more high-severity security incidents for the FortiGate device.
  • C. In the widget dashboard and there are one or more high-severity incidents for the FortiGate device.
  • D. In the business service dashboard and there are one or more high-severity security incidents for the FortiGate device.

Answer: A


NEW QUESTION # 40
As an OT network administrator, you are managing three FortiGate devices that each protect different levels on the Purdue model. To increase traffic visibility, you are required to implement additional security measures to detect exploits that affect PLCs.
Which security sensor must you implement to detect these types of industrial exploits?

  • A. Deep packet inspection (DPI)
  • B. Application control
  • C. Antivirus inspection
  • D. Intrusion prevention system (IPS)

Answer: B


NEW QUESTION # 41
Refer to the exhibit. Which statement is true about application control inspection?

  • A. The industrial application control inspection process is unique among application categories.
  • B. The parent signature takes precedence over the child application signature.
  • C. You can control security actions only on the parent-level application signature.
  • D. Security actions cannot be applied on the lowest level of the hierarchy.

Answer: C


NEW QUESTION # 42
Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT can send traffic to each other at the Layer 2 level.
What must the OT admin do to prevent Layer 2-level communication between PLC-3 and CLIENT?

  • A. Implement policy routes on FGT-2 to control traffic between devices.
  • B. Enable explicit intra-switch policy to require firewall policies on FGT-2.
  • C. Set a unique forward domain for each interface of the software switch.
  • D. Create a VLAN for each device and replace the current FGT-2 software switch members.

Answer: C,D


NEW QUESTION # 43
An OT network administrator is trying to implement active authentication. Which two methods should the administrator use to achieve this? (Choose two.)

  • A. Role-based authentication on FortiNAC
  • B. FSSO authentication on FortiGate
  • C. Local authentication on FortiGate
  • D. Two-factor authentication on FortiAuthenticator

Answer: C,D


NEW QUESTION # 44
Which three Fortinet products can be used for device identification in an OT industrial control system (ICS)?
(Choose three.)

  • A. FortiNAC
  • B. FortiManager
  • C. FortiGate
  • D. FortiSIEM
  • E. FortiAnalyzer

Answer: A,C,D

Explanation:
A: FortiNAC - FortiNAC is a network access control solution that provides visibility and control over network devices. It can identify devices, enforce access policies, and automate threat response.
D: FortiSIEM - FortiSIEM is a security information and event management solution that can collect and analyze data from multiple sources, including network devices and servers. It can help identify potential security threats, as well as monitor compliance with security policies and regulations.
E: FortiAnalyzer - FortiAnalyzer is a central logging and reporting solution that collects and analyzes data from multiple sources, including FortiNAC and FortiSIEM. It can provide insights into network activity and help identify anomalies or security threats.


NEW QUESTION # 45
An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.
Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources. As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

  • A. Implement an additional firewall using an additional upstream link to the internet.
  • B. Create VPN tunnels between downstream FortiGate devices and the edge FortiGate to protect ICS network traffic.
  • C. Split the edge FortiGate device into multiple logical devices to allocate an independent VDOM for the third-party company.
  • D. Configure outbound security policies with limited active authentication users of the third-party company.

Answer: C


NEW QUESTION # 46
An OT supervisor needs to protect their network by implementing security with an industrial signature database on the FortiGate device.
Which statement about the industrial signature database on FortiGate is true?

  • A. An administrator must create their own database using custom signatures.
  • B. A supervisor must purchase an industrial signature database and import it to the FortiGate.
  • C. By default, the industrial database is enabled.
  • D. A supervisor can enable it through the FortiGate CLI.

Answer: D


NEW QUESTION # 47
Which three common breach points can be found in a typical OT environment? (Choose three.)

  • A. Black hat
  • B. Global hat
  • C. VLAN exploits
  • D. RTU exploits
  • E. Hard hat

Answer: A,D,E


NEW QUESTION # 48
An OT network architect must deploy a solution to protect fuel pumps in an industrial remote network. All the fuel pumps must be closely monitored from the corporate network for any temperature fluctuations.
How can the OT network architect achieve this goal?

  • A. Configure both fuel server and FortiSIEM with a single-pattern temperature performance rule on the corporate network.
  • B. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature security rule on the corporate network.
  • C. Configure a fuel server on the corporate network, and deploy a FortiSIEM with a single pattern temperature performance rule on the remote network.
  • D. Configure a fuel server on the remote network, and deploy a FortiSIEM with a single pattern temperature performance rule on the corporate network.

Answer: D

Explanation:
This way, FortiSIEM can discover and monitor everything attached to the remote network and provide security visibility to the corporate network.


NEW QUESTION # 49
In a wireless network integration, how does FortiNAC obtain connecting MAC address information?

  • A. End station traffic monitoring
  • B. MAC notification traps
  • C. RADIUS
  • D. Link traps

Answer: C

Explanation:
FortiNAC can integrate with RADIUS servers to obtain MAC address information for wireless clients that authenticate through the RADIUS server.


NEW QUESTION # 50
Refer to the exhibits. Which statement is true about the traffic passing through to PLC-2?

  • A. SSL Inspection must be set to deep-inspection to correctly apply application control.
  • B. The application filter overrides the default action of some IEC 104 signatures.
  • C. IEC 104 signatures are all allowed except the C_BO_NA_1 signature.
  • D. IPS must be enabled to inspect application signatures.

Answer: B


NEW QUESTION # 51
......
