NSE7-OTS-7-2 Free Sample Questions

Fortinet NSE 7 - OT Security 7.2 Practice Test
10/210 questions
Q1

A pharmaceutical manufacturing facility uses a FortiGate in transparent mode to segment its Level 1 (Basic Control) and Level 2 (Supervisory Control) networks. The primary goal is to log all DNP3 traffic for auditing without disrupting real-time operations. An OT engineer has enabled promiscuous mode on the SPAN port of the industrial switch connected to the FortiGate's monitoring interface. However, FortiAnalyzer is not receiving any DNP3 traffic logs. All other system and security event logs from the FortiGate are being received correctly. What is the most likely cause of this issue?

Q2 (Multiple answers)

An OT architect is designing a security solution for a power utility's substation that uses IEC 61850 GOOSE messaging for critical real-time communication between Intelligent Electronic Devices (IEDs). Due to the protocol's non-routable, Layer 2 nature and extreme sensitivity to latency, inline security inspection is not feasible. Which Fortinet deployment strategy and feature set should be used to gain visibility and detect potential threats within this GOOSE traffic? (Select TWO).

Q3

True or False: When configuring a FortiGate for an OT environment, the Industrial Security Service (ISS) license is only required for Intrusion Prevention (IPS) and is not necessary for Application Control to identify industrial protocols like Modbus or DNP3.

Q4

**Case Study** A regional water treatment authority is modernizing its SCADA system, which spans multiple remote sites. The current architecture consists of a flat network where PLCs and RTUs communicate directly with a central control center over a private WAN. This design has been flagged during a security audit for its lack of segmentation and visibility, posing a significant risk of lateral threat movement. The authority's primary requirements are to segment the network according to the Purdue model, control access based on device identity, and gain deep visibility into the EtherNet/IP protocol used by their Rockwell Automation controllers. A key constraint is that any new solution must accommodate legacy devices that do not support 802.1X authentication. The solution must also provide a centralized inventory of all connected OT assets. The proposed architecture involves deploying FortiGate firewalls at each remote site and a central FortiGate at the control center. FortiSwitches will replace the unmanaged switches at the remote sites. FortiNAC will be deployed at the central data center for network access control and device profiling. Given this scenario, which configuration approach best meets all the stated requirements and constraints?

Q5

A manufacturing plant has deployed FortiNAC to enhance visibility and control over its ICS network. The OT team observes that while FortiNAC is successfully profiling new devices like HMIs and Engineering Workstations, it is failing to correctly identify a specific model of Siemens S7-1500 PLC. The device is being classified as a generic 'Linux Device' based on its network stack. What is the most effective first step the administrator should take within FortiNAC to resolve this misclassification?

Q6

An OT administrator is configuring a security policy on a FortiGate to allow an Engineering Workstation (EWS) to program a PLC using the Modbus protocol. The goal is to allow only Modbus 'Write' commands (Function Codes 5, 6, 15, 16) and block any 'Read' commands to prevent unauthorized data exfiltration. Which Fortinet feature is required to achieve this level of granular control?

Q7

A security analyst in an OT SOC is investigating an alert from FortiSIEM indicating that a PLC has unexpectedly initiated an outbound connection to an external IP address. To create a rapid, automated response, the analyst wants to configure the system to immediately block the PLC's MAC address at the network edge. Which combination of Fortinet products and features is required to implement this automated quarantine action?

Q8

An OT network is segmented using a FortiGate with multiple VLANs for different production cells. The administrator wants to ensure that if the primary FortiGate unit fails, a secondary unit takes over with minimal disruption to the SCADA operations. The industrial switches support LACP. Which FortiGate High Availability (HA) configuration is most appropriate to provide both redundancy and optimized link usage?

Q9

When implementing a Zero Trust security model in an OT environment using Fortinet solutions, what is the primary function of FortiNAC?

Q10 (Multiple answers)

A security audit of a food processing plant revealed that unauthenticated devices can be connected to active network ports in the production area, gaining access to the control network. The plant uses a mix of modern and legacy OT devices. Which of the following Fortinet solutions and configurations should be implemented to address this finding most effectively? (Select THREE).