NSE6_FSR-7.3 Fortinet NSE 6 - FortiSOAR 7.3 Administrator Free Practice Exam Questions (2026 Updated)

In FortiSOAR, system-level logs that can be purged include both "Audit logs" and "Executed Playbook logs." These types of logs can be configured to be purged periodically to free up storage space and ensure that unnecessary logs do not impact system performance. The application configuration allows administrators to schedule automatic purges, which can be especially useful in high-activityenvironments where log data accumulates quickly. Purging these logs helps maintain a cleaner and more efficient system​.

Comprehensive and Detailed Explanation From FortiSOAR 7.3 Exact Extract study guide:

According to the FortiSOAR 7.3 Administration and Deployment Guides, specifically in the "Licensing FortiSOAR" and "Security Management" sections:

Licensing Enforcement:FortiSOAR strictly enforces the number of active users based on the installed license. The license specifies themaximum number of active usersallowed in the system at any given point in time.

User Status (Active vs. Inactive):When the number of active users reaches the limit defined by the license, any additional users created or imported will be set to anInactivestatus by default. An administrator cannot change their status to "Active" until an existing active user is deactivated or deleted, or the license is upgraded to support more users.

Locked Status (Option A):It is important to distinguish between "Inactive" and "Locked." Users becometemporarily lockedout of FortiSOAR when they exceed the configured number of authentication attempts (defaulting to 5 times) within a specific period. A locked user profile will typically display a "Locked" indicator or a checkbox to "Unlock" rather than a simple "Inactive" status.

Other Options:While an email ID is required for account creation, its validity does not automatically trigger an "Inactive" status (Option B). Similarly, a required password reset (Option C) forces a password change upon login but does not disable the account.

The FortiSOAR perpetual trial license includes limitations on both the number of users and the number of actions that can be performed. These restrictions are in place to provide prospective users with a functional evaluation of FortiSOAR while limiting its usage in a production environment. The trial license does not support multi-tenancy and restricts the overall capacity for scaling, making it suitable only for testing and familiarization with FortiSOAR’s capabilities​.

FortiSOAR offers flexibility in deployment environments, including FortiSOAR Cloud, which is a subscription service that enables hosting on FortiCloud. This provides cloud-hosted management with scalable resources. Additionally, FortiSOAR supports deployment on VMware ESXi and Amazon Web Services (AWS), allowing organizations to choose based on their infrastructure preferences. This flexibility ensures that FortiSOAR can be integrated into various IT environments depending on business needs​.

When importing modules into FortiSOAR using the configuration wizard and selecting "Merge with Existing" as the bulk action, the behavior for field handling is as follows: any fields that already exist in the system are overwritten with the imported values. New fields from the imported module are added to the system, while fields that are not part of the imported module remain unaffected and are retained in the system. This option ensures that existing data structures are updated with new information without losing existing, but non-imported, fields​.

When joining a FortiSOAR cluster as a standby node, the correct status value should be passive. Using active would imply that the node is trying to join as an active node, which could cause conflicts in the cluster setup. In FortiSOAR, standby nodes must be set as passive to ensure they are recognized correctly and to avoid conflicts with the primary node or other active nodes within the cluster. Therefore, setting the status to passive will resolve the issue and allow the node to join the cluster as intended​.

To audit and restrict a user’s access within FortiSOAR, particularly in response to unauthorized access reports, it's necessary to review the user’s effective role permissions. This involves checking which roles grant the user access to the System Configuration module and adjusting as needed. Additionally, reviewing the user's team hierarchy ensures that the user’s access aligns with the organization’s policies. Misconfigurations in team relationships can sometimes inadvertently provide elevated access; hence, confirming that the team setup is correct is a critical part of the auditing process​.

In a FortiSOAR HA cluster, if the former primary node is relegated to a secondary role but is stuck in a Faulted state, it indicates that the node has lost sync or faced a failure during a role change. To restore its functionality, first, you should remove it from the cluster using the csadm ha leave-cluster command. Once it has left the cluster, you can use the csadm ha join-cluster command to re-add the node as a secondary node. This process will allow it to sync back up with the cluster and resume its role as intended​.