Which playbook collection includes system-level playbooks that FortiSOAR uses to auto-populate date fields when the status of incident or alert records changes to Resolved or Closed?
A. Utilities Playbooks
B. SLA Management Playbooks
C. Approval/Manual Task Playbooks
D. Schedule Management Playbooks
Which two options can you configure before you purge audit logs? (Choose two.)
A. Specify time criteria
B. Enable the recycle bin for soft deletion
C. Specify event types to purge
D. Require administrator override
Refer to the exhibit.
Which two statements describe the relationships between the various teams? (Choose two.)
A. The Level 1, Level 2, and Level 3 teams are siblings.
B. The Management Team owns all the records of the Level 1, Level 2, and Level 3 teams.
C. The NOC Team owns all the records of the Level 1, Level 2, and Level 3 teams.
D. The SOC Team owns all the records of the Level 1, Level 2, and Level 3 teams.
Which SMS vendor does FortiSOAR support for two-factor authentication?
A. Twilio
B. Google Authenticator
C. 2factor
D. Telesign
When configuring an HA cluster with an externalized PostgreSQL database, which two files on the database server need to be configured to trust all FortiSOAR nodes’ incoming connections? (Choose two.)
A. pg_hba.conf
B. db_external_config.yml
C. postgresql.conf
D. db_config.yml
For which two modules on FortiSOAR can you create SLA templates? (Choose two.)
A. Alerts
B. Indicators
C. Incidents
D. Tasks
Refer to the exhibit.
The former primary node was relegated to the secondary role but is stuck in the Faulted state.
Which two steps must you take to restore operation in the high availability (HA) cluster? (Choose two.)
A. Perform a fire drill to test the database integrity of the node that is in the Faulted state.
B. On the node that is in the Faulted state, enter the scadm ha leave-cluster command.
C. Enter the csadm ha join-cluster command to have the node that is in the Faulted state rejoin the HA cluster as a secondary node.
D. Restart the node that is in the Faulted state to trigger another election.
Which three activities can be achieved using the FortiSOAR queue and shift management feature? (Choose three.)
A. Initiate shift handovers
B. Designate a coordinator to monitor queues and shifts
C. Generate shift leads and shift members
D. Set up queue meeting rooms
E. Create queue rules based on matching conditions
Which two statements about appliance users are true? (Choose two.)
A. Appliance users do not have a login ID and do not add to the license count.
B. Appliance users represent non-human users.
C. Appliance users use two-factor authentication for messages sent to the API.
D. Appliance users use time expiring tokens for primary authentication.
Refer to the exhibit.
How long after the cyops-ha service goes down will the heartbeat missed notification be sent to the administrator?
A. 15 minutes
B. 60 minutes
C. 5 minutes
D. 3 minutes
Which two ports must be open between FortiSOAR HA nodes? (Choose two.)
A. Port 5432
B. Port 25
C. Port 6380
D. Port 9200
Refer to the exhibit.
When importing modules to FortiSOAR using the configuration wizard, what actions are applied to fields if you select Merge with Existing as the bulk action?
A. Existing fields are kept, new fields are added, and non-imported fields are deleted.
B. Existing fields are overwritten, new fields are added, and non-imported fields are deleted.
C. Existing fields are kept, new fields are added, and non-imported fields are kept.
D. Existing fields are overwritten, new fields are added, and non-imported fields are kept.
Which three actions can be performed from within the war room? (Choose three.)
A. View graphical representation of all records linked to an incident in the Artifacts tab.
B. Change the room’s status to Escalated to enforce hourly updates.
C. Investigate issues by tagging results as evidence.
D. Use the Task Manager tab to create, manage, assign, and track tasks.
E. Integrate a third-party instant messenger directly into the collaboration workspace.
Several users have informed you that the FortiSOAR GUI is not reachable.
When troubleshooting, which step should you take first?
A. Enter the csadm license --show-details command to check if there is a duplicate license.
B. Enter the csadm services --restart nginx command to restart only the Nginx process.
C. Enter the systemctl status nginx command to gather more information.
D. Review the connectors.log file to see what is happening to the HTTPS connections.
The Create Record and Update Record steps are categorized under which playbook step?
A. Evaluate
B. Execute
C. Core
D. Reference
Which two statements about Elasticsearch are true? (Choose two.)
A. Elasticsearch allows you to store, search, and analyze huge volumes of data quickly, in near real time, and return answers in milliseconds.
B. To change the location of your Elasticsearch instance from the local instance to a remote location, you must update the falcon.conf file.
C. The minimum version of the Elasticsearch cluster must be 6.0.2, if you want to externalize the Elasticsearch data.
D. The global search mechanism in FortiSOAR leverages an Elasticsearch database to achieve rapid, efficient searches across the entire record system.
A security analyst has reported unauthorized access to System Configuration. You must review the user’s current level of access, and then restrict their access according to your organization’s requirements.
As part of your auditing process, which two actions should you perform? (Choose two.)
A. Remove the create, read, update, and delete (CRUD) permissions or roles that the user does not require.
B. View the user’s effective role permissions, and then investigate which role is providing that access.
C. Remove all record ownership that is assigned to the user.
D. Review the user’s team hierarchy to ensure that the appropriate relationships are configured.
Which service on FortiSOAR is the playbook scheduler?
A. cyops-tomcat
B. celerybeatd
C. celeryd
D. uwsgi
Which two statements about upgrading a FortiSOAR HA cluster are true? (Choose two.)
A. Nodes can be upgraded while the primary node or secondary node are in the HA cluster.
B. Upgrading a FortiSOAR HA cluster requires no downtime.
C. The upgrade procedure for an active-active cluster and an active-passive cluster are the same.
D. It is recommended that the passive secondary node be upgraded first, and then the active primary node.
On FortiSOAR, which default role is used to assign privileges to other teams and is recommended to not be removed?
A. Application Administrator
B. Full App Permissions
C. Playbook Administrator
D. Security Administrator
Which CLI command will not work when the PostgreSQL database on FortiSOAR is externalized?