最新のFortinet NSE7_OTS-7.2のPDFと問題集で(2026)無料試験問題解答 [Q37-Q61]

Share

最新のFortinet NSE7_OTS-7.2のPDFと問題集で(2026)無料試験問題解答

あなたを合格させるNSE 7 Network Security Architect NSE7_OTS-7.2試験問題集で2026年03月12日には73問あります


Fortinet NSE7_OTS-7.2 認定試験は、OTネットワークのセキュリティソリューションを設計、実装、および管理するために必要な知識とスキルをテストするように設計されています。この試験は、OTネットワークのセキュリティ原則、リスク管理、セキュリティオペレーション、およびインシデント対応を含む、広範囲なトピックをカバーしています。また、実践的なスキルをOTネットワークのセキュリティ確保において証明するための実習も含まれています。

 

質問 # 37
Refer to the exhibit.

Which statement is true about application control inspection?

  • A. The parent signature takes precedence over the child application signature.
  • B. Security actions cannot be applied on the lowest level of the hierarchy.
  • C. The industrial application control inspection process is unique among application categories.
  • D. You can control security actions only on the parent-level application signature

正解:D


質問 # 38
What are two benefits of a Nozomi integration with FortiNAC? (Choose two.)

  • A. Direct VLAN assignment
  • B. Adapter consolidation for multi-adapter hosts
  • C. Enhanced point of connection details
  • D. Importation and classification of hosts

正解:B、D

解説:
The two benefits of a Nozomi integration with FortiNAC are enhanced point of connection details and importation and classification of hosts. Enhanced point of connection details allows for the identification and separation of traffic from multiple points of connection, such as Wi-Fi, wired, cellular, and VPN. Importation and classification of hosts allows for the automated importing and classification of host and device information into FortiNAC. This allows for better visibility and control of the network.


質問 # 39
Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.
Which statement about the topology is true?

  • A. PLCs use IEEE802.1Q protocol to communicate each other.
  • B. An administrator can create firewall policies in the switch to secure between PLCs.
  • C. There is no micro-segmentation in this topology.
  • D. This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

正解:C


質問 # 40
Refer to the exhibit

In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall.
Which statement about the topology is true?

  • A. PLCs use IEEE802.1Q protocol to communicate each other.
  • B. An administrator can create firewall policies in the switch to secure between PLCs.
  • C. There is no micro-segmentation in this topology.
  • D. This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

正解:C


質問 # 41
Refer to the exhibit.
Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

  • A. FortiSIEM for security incident and event management
  • B. FortiEDR for endpoint detection
  • C. FortiNAC for network access control
  • D. FortiGate for SD-WAN
  • E. FortiGate for application control and IPS

正解:B、C、E


質問 # 42
Which three device profiling methods of FortiNAC are considered non-direct? (Choose three.)

  • A. TCP
  • B. Network traffic
  • C. IP range
  • D. Location
  • E. SSH

正解:B、C、D


質問 # 43
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer. What are two possible reasons why the report output was empty? (Choose two.)

  • A. The administrator selected the wrong time period for the report.
  • B. The administrator selected the wrong hcache table for the report.
  • C. The administrator selected the wrong logs to be indexed in FortiAnalyzer.
  • D. The administrator selected the wrong devices in the Devices section.

正解:A、D


質問 # 44
What triggers Layer 2 polling of infrastructure devices connected in the network?

  • A. A matched profiling rule
  • B. A matched security policy
  • C. A failed Layer 3 poll
  • D. A linkup or linkdown trap

正解:D


質問 # 45
Refer to the exhibit.

Based on the topology designed by the OT architect, which two statements about implementing OT security are true? (Choose two.)

  • A. IT and OT networks are separated by segmentation.
  • B. FortiGate-3 and FortiGate-4 devices must be in a transparent mode.
  • C. Micro-segmentation can be achieved only by replacing FortiGate-3 and FortiGate-4 with a pair of FortiSwitch devices.
  • D. Firewall policies should be configured on FortiGate-3 and FortiGate-4 with industrial protocol sensors.

正解:A、D


質問 # 46
Refer to the exhibit.

PLC-3 and CLIENT can send traffic to PLC-1 and PLC-2. FGT-2 has only one software switch (SSW-1) connecting both PLC-3 and CLIENT. PLC-3 and CLIENT cannot send traffic to each other.
Which two statements about the traffic between PCL-1 and PLC-2 are true? (Choose two.)

  • A. Micro-segmentation on FGT-2 prevents direct device-to-device communication.
  • B. FGT-2 controls intra-VLAN traffic through firewall policies.
  • C. The switch on FGT-2 must be hardware to implement micro-segmentation.
  • D. Traffic must be inspected by FGT-EDGE in OT networks.

正解:A、B


質問 # 47
Refer to the exhibit.

An OT administrator ran a report to identify device inventory in an OT network.
Based on the report results, which report was run?

  • A. A FortiSIEM incident report
  • B. A FortiSIEM analytics report
  • C. A FortiAnalyzer device report
  • D. A FortiSIEM CMDB report

正解:D


質問 # 48
Refer to the exhibit.

An OT network security audit concluded that the application sensor requires changes to ensure the correct security action is committed against the overrides filters.
Which change must the OT network administrator make?

  • A. Set the priority of the C.BO.NA.1 signature override to 1.
  • B. Remove IEC.60870.5.104 Information.Transfer from the first filter override.
  • C. Change the security action of the industrial category to monitor.
  • D. Set all application categories to apply default actions.

正解:A

解説:
Explanation
According to the Fortinet NSE 7 - OT Security 6.4 exam guide1, the application sensor settings allow you to configure the security action for each application category andnetwork protocol override. The security action determines how the FortiGate unit handles traffic that matches the application category or network protocol override. The security action can be one of the following:
Allow: The FortiGate unit allows the traffic without any further inspection.
Monitor: The FortiGate unit allows the traffic and logs it for monitoring purposes.
Block: The FortiGate unit blocks the traffic and logs it as an attack.
The priority of the network protocol override determines the order in which the FortiGate unit applies the security action to the traffic. The lower the priority number, the higher the priority. For example, a priority of 1 is higher than a priority of 10.
In the exhibit, the application sensor has the following settings:
The industrial category has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that belongs to this category.
The IEC.60870.5.104 Information.Transfer network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The IEC.60870.5.104 Control.Functions network protocol override has a security action of monitor, which means that the FortiGate unit will allow and log any traffic that matches this protocol.
The IEC.60870.5.104 Start/Stop network protocol override has a security action of allow, which means that the FortiGate unit will not inspect or log any traffic that matches this protocol.
The IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a security action of block, which means that the FortiGate unit will block and log any traffic that matches this protocol.
The problem with these settings is that the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override has a lower priority than the IEC.60870.5.104 Information.Transfer network protocol override. This means that if the traffic matches both protocols, the FortiGate unit will apply the security action of the higher priority override, which is block. However, the IEC.60870.5.104 Transfer.C.BO.NA.1 protocol is used to transfer binary outputs, which are essential for controlling OT devices. Therefore, blocking this protocol could have negative consequences for the OT network.
To fix this issue, the OT network administrator must set the priority of the IEC.60870.5.104 Transfer.C.BO.NA.1 network protocol override to 1, which is higher than the priority of the IEC.60870.5.104 Information.Transfer network protocol override. This way, the FortiGate unit will apply the security action of the lower priority override, which is allow, to the traffic that matches both protocols. This will ensure that the FortiGate unit does not block the traffic that is used to transfer binary outputs, while still blocking the traffic that is used to transfer information.
1: NSE 7 Network Security Architect - Fortinet


質問 # 49
Refer to the exhibit.

You are assigned to implement a remote authentication server in the OT network.
Which part of the hierarchy should the authentication server be part of?

  • A. Core
  • B. Access
  • C. Edge
  • D. Cloud

正解:C


質問 # 50
Refer to the exhibit.

In order for a FortiGate device to act as router on a stick, what configuration must an OT network architect implement on FortiGate to achieve inter-VLAN routing?

  • A. Set a software switch on FortiGate to handle inter-VLAN traffic.
  • B. Set a FortiGate interface with the switch to operate as an 802.1 q trunk.
  • C. Set FortiGate to operate in transparent mode.
  • D. Set a unique forward domain on each interface on the network.

正解:B


質問 # 51
An OT network architect needs to secure control area zones with a single network access policy to provision devices to any number of different networks.
On which device can this be accomplished?

  • A. FortiGate
  • B. FortiEDR
  • C. FortiNAC
  • D. FortiSwitch

正解:A

解説:
An OT network architect can accomplish the goal of securing control area zones with a single network access policy to provision devices to any number of different networks on a FortiGate device.


質問 # 52
Which two frameworks are common to secure ICS industrial processes, including SCADA and DCS?
(Choose two.)

  • A. IEC104
  • B. NIST Cybersecurity
  • C. IEC 62443
  • D. Modbus

正解:B、C

解説:
* B. NIST Cybersecurity Framework (CSF)
* Role: Provides a risk-based approach to manage cybersecurity for critical infrastructure (including ICS/SCADA/DCS).
* Fortinet Reference:
Fortinet OT Security Solution Guide (v7.2):
"The NIST Cybersecurity Framework is widely adopted in OT environments to align security practices with business objectives, manage risks, and ensure resilience." Page 12: "Framework adoption (e.g., NIST CSF) helps organizations prioritize OT asset protection."
* C. IEC 62443
* Role: International standard specifically designed for ICS/OT security, covering technical controls, processes, and risk management.
* Fortinet Reference:
*Fortinet NSE 7 - OT Security 7.2 Study Guide*:
"IEC 62443 is the foundational standard for securing industrial automation and control systems (IACS), including SCADA and DCS. It defines security zones, conduits, and security levels (SLT)."
*Module 4: "IEC 62443 provides OT-specific security requirements not covered by IT frameworks."* Why Other Options Are Incorrect
* A. Modbus: A communication protocol (not a framework) used in OT environments. It lacks security features and governance.
FortiGate OT Security Guide:
"Modbus is an unauthenticated, cleartext protocol vulnerable to eavesdropping. It is not a security framework."
* D. IEC 104: A telecontrol protocol for SCADA (based on IEC 60870-5-104). It is not a security framework.
FortiSIEM OT Monitoring Handbook:
"IEC 104 is used for data transmission in electrical grids. Like Modbus, it requires external security controls." Key Documentation Extracts
* Fortinet OT Security Solution Guide (v7.2):
*"Industrial environments align with IEC 62443 for OT-specific controls and NIST CSF for risk governance.
Protocols like Modbus/IEC 104 require additional hardening."*
* NSE 7 OT Security 7.2 Curriculum:
"IEC 62443 addresses OT asset discovery, segmentation, and threat detection. NIST CSF complements it with risk assessment methodologies."


質問 # 53
What are two critical tasks the OT network auditors must perform during OT network risk assessment and management? (Choose two.)

  • A. Creating disaster recovery plans to switch operations to a backup plant
  • B. Evaluating what can go wrong before it happens
  • C. Implementing strategies to automatically bring PLCs offline
  • D. Planning a threat hunting strategy

正解:A、C


質問 # 54
Refer to the exhibit.

Based on the Purdue model, which three measures can be implemented in the control area zone using the Fortinet Security Fabric? (Choose three.)

  • A. FortiSIEM for security incident and event management
  • B. FortiEDR for endpoint detection
  • C. FortiNAC for network access control
  • D. FortiGate for SD-WAN
  • E. FortiGate for application control and IPS

正解:B、C、E


質問 # 55
Which deployment option allows an administrator to detect intrusions without any modifications to production traffic?

  • A. Offline IDS
  • B. Inline IPS and IDS
  • C. Virtual patching
  • D. Offline IPS

正解:A


質問 # 56
Which three criteria can a FortiGate device use to look for a matching firewall policy to process traffic?
(Choose three.)

  • A. Services defined in the firewall policy.
  • B. Source defined as internet services in the firewall policy
  • C. Destination defined as internet services in the firewall policy
  • D. Lowest to highest policy ID number
  • E. Highest to lowest priority defined in the firewall policy

正解:A、C、E

解説:
Explanation
The three criteria that a FortiGate device can use to look for a matching firewall policy to process traffic are:
A: Services defined in the firewall policy - FortiGate devices can match firewall policies based on the services defined in the policy, such as HTTP, FTP, or DNS.
D: Destination defined as internet services in the firewall policy - FortiGate devices can also match firewall policies based on the destination of the traffic, including destination IP address, interface, or internet services.
E: Highest to lowest priority defined in the firewall policy - FortiGate devices can prioritize firewall policies based on the priority defined in the policy. The device will process traffic against the policy with the highest priority first and move down the list until it finds a matching policy.


質問 # 57
Refer to the exhibit.

You need to configure VPN user access for supervisors at the breach and HQ sites using the same soft FortiToken. Each site has a FortiGate VPN gateway.
What must you do to achieve this objective?

  • A. You must register the same FortiToken on more than one FortiGate.
  • B. You must use the user self-registration server.
  • C. You must use a third-party RADIUS OTP server.
  • D. You must use a FortiAuthenticator.

正解:D


質問 # 58
Refer to the exhibit.

An OT architect has implemented a Modbus TCP with a simulation server Conpot to identify and control the Modus traffic in the OT network. The FortiGate-Edge device is configured with a software switch interface ssw-01.
Based on the topology shown in the exhibit, which two statements about the successful simulation of traffic between client and server are true? (Choose two.)

  • A. The FortiGate-Edge device must be in NAT mode.
  • B. Port5 is not a member of the software switch.
  • C. NAT is disabled in the FortiGate firewall policy from port3 to ssw-01.
  • D. The FortiGate devices is in offline IDS mode.

正解:A、C


質問 # 59
An OT administrator configured and ran a default application risk and control report in FortiAnalyzer to learn more about the key application crossing the network. However, the report output is empty despite the fact that some related real-time and historical logs are visible in the FortiAnalyzer.
What are two possible reasons why the report output was empty? (Choose two.)

  • A. The administrator selected the wrong time period for the report.
  • B. The administrator selected the wrong hcache table for the report.
  • C. The administrator selected the wrong logs to be indexed in FortiAnalyzer.
  • D. The administrator selected the wrong devices in the Devices section.

正解:A、D

解説:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/32cb817d-a307-11eb-b70b-
00505692583a/FortiAnalyzer-7.0.0-Administration_Guide.pdf


質問 # 60
Refer to the exhibit. In the topology shown in the exhibit, both PLCs can communicate directly with each other, without going through the firewall. Which statement about the topology is true?

  • A. PLCs use IEEE802.1Q protocol to communicate each other.
  • B. An administrator can create firewall policies in the switch to secure between PLCs.
  • C. There is no micro-segmentation in this topology.
  • D. This integration solution expands VLAN capabilities from Layer 2 to Layer 3.

正解:C


質問 # 61
......


Fortinet NSE7_OTS-7.2試験は、合格するには高度な専門知識が必要なため、サイバーセキュリティ業界で最も難しい試験の一つと考えられています。試験に合格することで、OTセキュリティの概念に深い理解を示し、OT環境を安全かつ効果的に管理するために必要なスキルを習得したことを証明します。この認定は、雇用主から高く評価され、グローバルに認知されているため、サイバーセキュリティのキャリアを進めたい専門家にとって価値のある資産となります。

 

NSE7_OTS-7.2問題集はNSE 7 Network Security Architect認証済み試験問題と解答:https://jp.fast2test.com/NSE7_OTS-7.2-premium-file.html

NSE7_OTS-7.2無料試験学習ガイド!(更新された73問あります):https://drive.google.com/open?id=1lwwZIIoKGE9YaYNqKGQwKNT5Btyb6oUN


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어