Fortinet NSE6_FSR-7.3 - Fortinet NSE 6 - FortiSOAR 7.3 Administrator

In FortiSOAR, SLA (Service Level Agreement) templates can be created for specific modules, including Alerts and Indicators. These templates are essential for tracking response and resolution times, ensuring compliance with defined service levels. By configuring SLAs on the Alerts and Indicators modules, organizations can monitor the time taken to address these items, which is critical in maintaining efficient incident response and management practices. The SLA templates can be customized according to specific business requirements and are applied to records within these modules to enforce timely actions​.

Elasticsearch in FortiSOAR is used for its robust data handling capabilities, allowing rapid storage, searching, and analysis of vast amounts of data in near real-time. Its integration with FortiSOAR’s global search enables efficient querying across all records, providing quick response times and a seamless user experience. The Elasticsearch database is crucial for handling extensive datasets and delivering swift search results, making it integral to FortiSOAR's performance and data management capabilities​.

Comprehensive and Detailed Explanation From FortiSOAR 7.3 Exact Extract study guide:

According to the FortiSOAR 7.3 Deployment and Administration Guide under the "Licensing FortiSOAR" section:

Connectivity Requirements:For the FortiSOAR license deployment and validation process to succeed, the instance must have outbound connectivity tohttps://globalupdate.fortinet.net. This URL is specifically used by the FortiSOAR license manager to fetch entitlements, verify the subscription status, and retrieve product information from the Fortinet licensing servers. If this connectivity is blocked (and a FortiManager is not being used as a local FDN proxy), the license deployment will fail.4

License Limits:Every FortiSOAR license—whether Perpetual, Subscription, or Trial—strictly enforces amaximum number of active users(concurrent or named) and often a limit on the number of automation actions per day.5

Perpetual Trial Licenses(often called "Free Trial") are restricted to a specific user count (typically 2 or 3) and a daily action limit (e.g., 200 or 1000 actions). Therefore, options C and D are incorrect as they suggest "no limit on user count."

URL Clarification:While update.fortiguard.net is a common Fortinet endpoint for security signatures (IPS/AV), FortiSOAR's specific licensing and entitlement communication is directed to theglobalupdate.fortinet.netservice.

When joining a FortiSOAR cluster as a standby node, the correct status value should be passive. Using active would imply that the node is trying to join as an active node, which could cause conflicts in the cluster setup. In FortiSOAR, standby nodes must be set as passive to ensure they are recognized correctly and to avoid conflicts with the primary node or other active nodes within the cluster. Therefore, setting the status to passive will resolve the issue and allow the node to join the cluster as intended​.

In a FortiSOAR HA cluster, if the former primary node is relegated to a secondary role but is stuck in a Faulted state, it indicates that the node has lost sync or faced a failure during a role change. To restore its functionality, first, you should remove it from the cluster using the csadm ha leave-cluster command. Once it has left the cluster, you can use the csadm ha join-cluster command to re-add the node as a secondary node. This process will allow it to sync back up with the cluster and resume its role as intended​.

The fdn.log file in FortiSOAR contains logs related to license synchronization activities. This log file records events and errors associated with license checks and synchronization with Fortinet's licensing servers, ensuring that the FortiSOAR instance remains compliant with licensing requirements. Monitoring fdn.log can help administrators troubleshoot issues related to license synchronization and ensure the system operates within the licensed limits​.

When deleting a user account in FortiSOAR, the user ID must be entered into the usersToDelete.txt file. This file is specifically used to list users that are marked for deletion. Once the user IDs are listed in this file, the system can process the deletion of these accounts as part of its user management operations. This method ensures that only specified users are deleted, as referenced in FortiSOAR's administrative controls​.