FortiSOAR Admin 7.3: Device Management

Questions and Answers

What is a key aspect of user management in FortiSOAR?

Permissions are fixed and cannot be modified.

Roles and team memberships determine user accessibility. (correct)

Access is based solely on team membership.

Users have unlimited access regardless of roles.

What does implementing the principle of least privilege achieve?

Increases the number of administrative roles.

Grants access to all modules without restrictions.

Ensures all users have the same access level.

Minimizes potential risks to the organization. (correct)

Which action can be performed regarding user management in FortiSOAR?

Allow users to manage their own permissions.

Delete existing users without restrictions.

Backup and restore FortiSOAR configuration files. (correct)

Create and assign new user roles only.

What does team hierarchy in FortiSOAR facilitate?

Administrators operate within their assigned roles.

Which of the following is true about managing SLAs in FortiSOAR?

SLA templates can be configured and managed.

What aspect of user permissions does FortiSOAR emphasize?

Role permissions are tied to team memberships.

How can users' permissions in FortiSOAR be characterized?

They depend on both roles and team memberships.

What is NOT a feature of FortiSOAR's user management?

Allowing random assignments of user roles.

What is necessary to retrieve the FortiSOAR UUID?

You must be logged in as a root user.

Which of the following is a step in registering a FortiSOAR instance?

Provide the FortiSOAR UUID to register.

What type of connectivity is essential for deploying the license in FortiSOAR?

Connectivity to globalupdate.fortinet.net.

Which edition of FortiSOAR is designed for regular enterprise production?

Enterprise

What does the MT_Tenant license edition enable?

Enables a node as a tenant in a multi-tenant deployment.

Which feature is included in the SOAR Framework Solution Pack?

Modules, dashboards, roles, and widgets.

What type of license allows for a complete SOAR platform deployment by a regional SOC team?

MT_RegionalSOC

Which factor does FortiSOAR licensing restrict?

Maximum number of active users.

What interface allows administrators to check all permissions assigned to a user without auditing each role individually?

Effective Role Permissions

Which method cannot be used to delete user accounts in FortiSOAR?

Using the GUI

What file must be created to specify user accounts for deletion in FortiSOAR?

usersToDelete.txt

What happens if a user is deleted from the FortiSOAR system when they are the sole owner of certain records?

The records are lost forever.

Which command execution is necessary to delete users via the FortiSOAR CLI?

userDelete

In what scenario is it recommended to use the deletion script for managing users in FortiSOAR?

When configuring FortiSOAR initially.

What is a significant limitation of the userDelete script in FortiSOAR?

It only deletes users in the local database.

What initial step should an administrator follow to delete a user from FortiSOAR?

Create a username list in usersToDelete.txt.

What is the primary function of a SIEM system in a multivendor environment?

To enforce consistent security policies

How does FortiSOAR enhance an organization’s incident response?

By creating automated security playbooks

Which of the following regulations presents challenges for consistent security due to standalone security solutions?

California Consumer Privacy Act (CCPA)

What is a benefit of the FortiSIEM solution?

Enhanced visibility into security operations

What role does automation play in a SIEM solution?

It streamlines incident response processes

What aspect of cybersecurity does FortiSOAR primarily address?

Optimization of security processes

Which of the following describes the impact of alert fatigue on security personnel?

Decreases efficiency in identifying threats

What is one of the key outcomes of integrating automation within security teams using FortiSOAR?

Minimized context switching among personnel

What does the Idle Timeout value determine in FortiSOAR settings?

The maximum idle time before a warning dialog appears

Which of the following is true about the Token Refresh value in FortiSOAR?

It is set to refresh every 60 minutes by default

What must be true before enforcing two-factor authentication globally in FortiSOAR?

Profiles must have two-factor authentication configured

For which purpose is the Reauthenticate Dashboard User setting used?

To set the hours after which a dashboard user must re-authenticate

Which authentication provider can be set up using the Authentication menu in FortiSOAR?

LDAP

What is the default Idle Timeout Grace Period in FortiSOAR?

60 seconds

What specific feature does FortiSOAR support for two-factor authentication?

TeleSign via SMS

What is the default setting for Reauthenticate Application User in terms of hours?

24 hours

Study Notes

Device Management Overview

• Learn to configure user roles, teams, and manage user permissions in FortiSOAR.
• Understand team hierarchy to maintain operational discipline through the principle of least privilege.

User Accessibility and Permissions

• User access in FortiSOAR is determined by roles and team memberships.
• Role permissions grant access to specific modules, ensuring users can only access relevant features.
• The complexity of multiple standalone security solutions can hinder compliance with regulations like GDPR and CCPA.
• SIEM solutions, such as FortiSIEM, help manage security complexities and map operations to industry standards.

Automation in Incident Response

• SOAR solutions accelerate incident response by automating processes and reducing manual intervention.
• Automated frameworks minimize context switching, addressing alert fatigue and enhancing response times.
• FortiSOAR uses security playbooks to automate common tasks, allowing teams to focus on more critical operations.

FortiSOAR Licensing

• Licensing restricts the number of active users and types of operations.
• Two main license editions: Enterprise and Multi-tenant, each with specific capabilities.
• Multi-tenant editions include:
  • MT: Supports shared and distributed multi-tenancy.
  • MT_Tenant: Designed for customer nodes in MSSP scenarios.
  • MT_RegionalSOC: Enables regional SOC deployments with a complete SOAR platform.

User Management

• Deleting users requires running a script on the FortiSOAR CLI; it cannot be done via the GUI.
• User deletions should be handled cautiously to avoid losing ownership records.

Session Management Settings

• Idle Timeout: Default of 30 minutes before a user receives a warning.
• Idle Timeout Grace Period: 60 seconds post-warning before logging out.
• Token Refresh: Default is set to every 60 minutes without user action.
• Reauthentication periods are set to 24 hours for both dashboard and application users.

Two-Factor Authentication (2FA)

• FortiSOAR allows global enforcement of 2FA using TeleSign for SMS-based user verification.
• All user profiles must be pre-configured for 2FA before enforcement to avoid lockouts.

LDAP Authentication Setup

• LDAP authentication can be enabled and configured through the FortiSOAR Authentication menu.
• Ensure LDAP is enabled to manage user authentication options effectively.

Description

This quiz covers the essential concepts of device management in FortiSOAR Administrator 7.3. You will learn about configuring roles and teams, user permissions, and managing SLA templates. Furthermore, it addresses the processes for backing up and restoring configurations.