NSE7_OTS-7.2 Exam Dumps - Fortinet NSE 7 - OT Security 7.2

Go to page:

Question # 4

When you create a user or host profile, which three criteria can you use? (Choose three.)

Host or user group memberships

Administrative group membership

An existing access control policy

Location

Host or user attributes

Full Access

Question # 5

Which statement about the IEC 104 protocol is true?

IEC 104 is used for telecontrol SCADA in electrical engineering applications.

IEC 104 is IEC 101 compliant in old SCADA systems.

IEC 104 protects data transmission between OT devices and services.

IEC 104 uses non-TCP/IP standards.

Full Access

Question # 6

Refer to the exhibit.

Which statement about the interfaces shown in the exhibit is true?

port2, port2-vlan10, and port2-vlan1 are part of the software switch interface.

The VLAN ID of port1-vlan1 can be changed to the VLAN ID 10.

port1-vlan10 and port2-vlan10 are part of the same broadcast domain

port1, port1-vlan10, and port1-vlan1 are in different broadcast domains

Full Access

Question # 7

Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other.

Which two statements about the traffic between PCL-1 and PLC-2 are true? (Choose two.)

The switch on FGT-2 must be hardware to implement micro-segmentation.

Micro-segmentation on FGT-2 prevents direct device-to-device communication.

Traffic must be inspected by FGT-EDGE in OT networks.

FGT-2 controls intra-VLAN traffic through firewall policies.

Full Access

Question # 8

Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS? (Choose two.)

Modbus

NIST Cybersecurity

IEC 62443

IEC104

Full Access

Answer:

Explanation:

B. NIST Cybersecurity Framework (CSF)

Role: Provides a risk-based approach to manage cybersecurity for critical infrastructure (including ICS/SCADA/DCS).

Fortinet Reference:

Fortinet OT Security Solution Guide (v7.2):

"The NIST Cybersecurity Framework is widely adopted in OT environments to align security practices with business objectives, manage risks, and ensure resilience."

Page 12: "Framework adoption (e.g., NIST CSF) helps organizations prioritize OT asset protection."

C. IEC 62443

Role: International standardÂ specifically designedÂ for ICS/OT security, covering technical controls, processes, and risk management.

Fortinet Reference:

*Fortinet NSE 7 - OT Security 7.2 Study Guide*:

"IEC 62443 is the foundational standard for securing industrial automation and control systems (IACS), including SCADA and DCS. It defines security zones, conduits, and security levels (SLT)."

*Module 4: "IEC 62443 provides OT-specific security requirements not covered by IT frameworks."*

Why Other Options Are Incorrect

A. Modbus: AÂ communication protocolÂ (not a framework) used in OT environments. It lacks security features and governance.

FortiGate OT Security Guide:

"Modbus is an unauthenticated, cleartext protocol vulnerable to eavesdropping. It is not a security framework."

D. IEC 104: AÂ telecontrol protocolÂ for SCADA (based on IEC 60870-5-104). It isÂ not a security framework.

FortiSIEM OT Monitoring Handbook:

"IEC 104 is used for data transmission in electrical grids. Like Modbus, it requires external security controls."

Key Documentation Extracts

Fortinet OT Security Solution Guide (v7.2):

*"Industrial environments align with IEC 62443 for OT-specific controls and NIST CSF for risk governance. Protocols like Modbus/IEC 104 require additional hardening."*

NSE 7 OT Security 7.2 Curriculum:

"IEC 62443 addresses OT asset discovery, segmentation, and threat detection. NIST CSF complements it with risk assessment methodologies."

Go to page: