New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet NSE7_OTS-7.2 Exam - Topic 1 Question 37 Discussion

Actual exam question for Fortinet's NSE7_OTS-7.2 exam
Question #: 37
Topic #: 1
[All NSE7_OTS-7.2 Questions]

[Fortinet Products for OT Security]

An OT network consists of multiple FortiGate devices. The edge FortiGate device is deployed as the secure gateway and is only allowing remote operators to access the ICS networks on site.

Management hires a third-party company to conduct health and safety on site. The third-party company must have outbound access to external resources.

As the OT network administrator, what is the best scenario to provide external access to the third-party company while continuing to secure the ICS networks?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Salome at Jul 31, 2025, 10:32 AM

Limited Time Offer

25%

Off

Get Premium NSE7_OTS-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ling
2 months ago
Not sure about C, splitting devices sounds risky.
upvoted 0 times
...
Vivienne
2 months ago
Wait, why not just use A? Seems straightforward.
upvoted 0 times
...
Lajuana
3 months ago
I think C is a bit overkill for just external access.
upvoted 0 times
...
Nidia
3 months ago
D could introduce unnecessary complexity.
upvoted 0 times
...
Jess
3 months ago
Option B seems solid for protecting traffic.
upvoted 0 times
...
Raymon
3 months ago
Implementing an additional firewall, as in option D, seems like overkill to me. I feel like there might be simpler solutions that still maintain security without adding more complexity.
upvoted 0 times
...
Aide
4 months ago
Splitting the edge FortiGate into multiple VDOMs sounds interesting, as mentioned in option C. I recall it being a good way to isolate different traffic, but I'm not clear on how it would work in this specific scenario.
upvoted 0 times
...
Melina
4 months ago
I think we practiced a similar question where we had to secure ICS networks while allowing external access. Creating VPN tunnels like in option B could be a solid approach, but I wonder if it complicates things too much.
upvoted 0 times
...
Earleen
4 months ago
I remember discussing the importance of limiting access for third-party vendors in our last study group. Option A seems to align with that, but I'm not entirely sure if it's the best choice.
upvoted 0 times
...
Afton
4 months ago
I'm leaning towards option D, implementing an additional firewall with an upstream link to the internet. That seems like the most robust way to secure the ICS network while still providing the required external access. It might be a bit more complex, but it could be the best long-term solution.
upvoted 0 times
...
Raul
4 months ago
Option C, splitting the edge FortiGate into multiple logical devices, sounds like a good way to isolate the third-party company's access. That way, we can maintain tight control over the ICS network while still allowing the necessary external access. I think I'll go with that one.
upvoted 0 times
...
Geraldine
4 months ago
Hmm, I'm a bit unsure about this one. The question mentions securing the ICS network, so I'm wondering if option B, creating VPN tunnels, might be a better approach to protect that critical infrastructure. I'll have to think this through carefully.
upvoted 0 times
...
Alethea
5 months ago
This seems like a pretty straightforward security question. I'd probably go with option A - configuring outbound security policies with limited active authentication users for the third-party company. That way, we can give them the access they need without compromising the overall security of the ICS network.
upvoted 0 times
...
Diego
5 months ago
Option D is a bit overkill, don't you think? Why add another firewall when you can just use the existing FortiGate infrastructure? That's like using a sledgehammer to crack a nut.
upvoted 0 times
...
Clay
5 months ago
Ah, the age-old debate: VDOM or additional firewall? I'd go with the VDOM approach. Less hardware, more flexibility.
upvoted 0 times
Cecil
2 months ago
Flexibility is key! VDOMs make it easier to scale.
upvoted 0 times
...
Julene
2 months ago
True, but VDOMs can be more manageable.
upvoted 0 times
...
Serina
2 months ago
But what about performance? Extra firewalls can handle more traffic.
upvoted 0 times
...
Beata
2 months ago
VDOMs definitely save space!
upvoted 0 times
...
...
Margart
5 months ago
I still think VPN tunnels are the way to go, it's a more common practice for securing network traffic.
upvoted 0 times
...
Cecil
6 months ago
Hmm, I'm not sure about that. Wouldn't it be easier to just set up limited authentication policies for the third-party company? Less overhead, you know?
upvoted 0 times
Justine
5 months ago
A) Configure outbound security policies with limited active authentication users of the third-party company.
upvoted 0 times
...
...
Jesusa
6 months ago
That's a good point, it could provide more control and security for the third-party company.
upvoted 0 times
...
Lorrie
6 months ago
I agree with Karma. Segmenting the network and using a dedicated VDOM is a clean and effective solution.
upvoted 0 times
...
Mozell
6 months ago
But wouldn't option C be better to allocate an independent VDOM for the third-party company?
upvoted 0 times
...
Margart
6 months ago
I agree with Jesusa, VPN tunnels would protect the ICS network traffic.
upvoted 0 times
...
Jesusa
7 months ago
I think option B is the best scenario.
upvoted 0 times
...
Karma
7 months ago
Option C seems like the best choice. Isolating the third-party company's access in a separate VDOM is a smart way to keep the ICS network secure.
upvoted 0 times
Whitley
6 months ago
Option C seems like the best choice. Isolating the third-party company's access in a separate VDOM is a smart way to keep the ICS network secure.
upvoted 0 times
...
...

Save Cancel