Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet NSE7_SOC_AR-7.6 Exam - Topic 3 Question 11 Discussion

Refer to the exhibit.You must configure the FortiGate connector to allow FortiSOAR to perform actions on a firewall. However, the connection fails. Which two configurations are required? (Choose two answers)
C) HTTPS must be enabled on the FortiGate interface that FortiSOAR will communicate with. and D) An API administrator must be created on FortiGate with the appropriate profile, along with a generated API key to configure on the connector.
A) Trusted hosts must be enabled and the FortiSOAR IP address must be permitted.
B) The VDOM name must be specified, or set to VDOM_1, if VDOMs are not enabled on FortiGate.

Fortinet NSE7_SOC_AR-7.6 Exam - Topic 3 Question 11 Discussion

Actual exam question for Fortinet's NSE7_SOC_AR-7.6 exam
Question #: 11
Topic #: 3
[All NSE7_SOC_AR-7.6 Questions]

Refer to the exhibit.

You must configure the FortiGate connector to allow FortiSOAR to perform actions on a firewall. However, the connection fails. Which two configurations are required? (Choose two answers)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

Comprehensive and Detailed Explanation From FortiSOAR 7.6., FortiSIEM 7.3 Exact Extract study guide:

To establish a successful integration between FortiSOAR 7.6 and a FortiGate firewall via the FortiGate connector, specific administrative and network requirements must be met on the FortiGate side:

API Administrator and Key (D): FortiSOAR does not use standard UI login credentials. Instead, it requires a REST API Administrator account to be created on the FortiGate. This account must be assigned an administrative profile with the necessary permissions (e.g., Read/Write for Firewall policies or Address objects). Upon creation, the FortiGate generates a unique API Key, which must be entered into the 'API Key' field of the FortiSOAR configuration wizard as shown in the exhibit.

HTTPS Management Access (C): The connector communicates with the FortiGate using REST API calls over HTTPS (port 443 by default). Therefore, the physical or logical interface on the FortiGate that corresponds to the 'Hostname' IP (172.16.200.1) must have HTTPS enabled under 'Administrative Access' in its network settings. If HTTPS is disabled, the connection will time out or be refused.

Why other options are incorrect:

Trusted hosts (A): While it is a best practice to restrict API access to specific IPs (like the FortiSOAR IP), the integration can technically function without 'Trusted hosts' enabled if the network allows the traffic. However, the absence of an API key or HTTPS access will definitively cause a failure regardless of trusted host settings.

VDOM name (B): In the exhibit, the VDOM field contains multiple values ('VDOM_1', 'VDOM_2'). If VDOMs are disabled on the FortiGate, this field should generally be left blank or set to the default 'root.' Setting it specifically to 'VDOM_1' when VDOMs are disabled is not a universal requirement for connectivity; the primary handshake depends on the API key and HTTPS connectivity.


Contribute your Thoughts:

0/2000 characters
Evangelina
2 days ago
I’m a bit confused about the VDOM requirement. I feel like B could be important, but I can't recall if it’s always necessary.
upvoted 0 times
...
Jimmie
7 days ago
I remember practicing a question like this where we had to enable HTTPS on the FortiGate interface. So, C might be one of the answers.
upvoted 0 times
...
Latrice
12 days ago
I think we definitely need to allow the FortiSOAR IP address, so A seems right, but I'm not sure about the second option.
upvoted 0 times
...

Save Cancel