Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free Fortinet NSE7_SOC_AR-7.6 Practice Exam with Questions & Answers | Set: 3

Questions 21

Refer to the exhibit.

NSE7_SOC_AR-7.6 Question 21

You must configure the FortiGate connector to allow FortiSOAR to perform actions on a firewall. However, the connection fails. Which two configurations are required? (Choose two answers)

Options:
A.

Trusted hosts must be enabled and the FortiSOAR IP address must be permitted.

B.

The VDOM name must be specified, or set to VDOM_1, if VDOMs are not enabled on FortiGate.

C.

HTTPS must be enabled on the FortiGate interface that FortiSOAR will communicate with.

D.

An API administrator must be created on FortiGate with the appropriate profile, along with a generated API key to configure on the connector.

Fortinet NSE7_SOC_AR-7.6 Premium Access
Questions 22

Review the incident report:

Packet captures show a host maintaining periodic TLS sessions that imitate normal HTTPS traffic but run on TCP 8443 to a single external host. An analyst flags the traffic as potential command-and-control. During the same period, the host issues frequent DNS queries with oversized TXT payloads to an attacker-controlled domain, transferring staged files.

Which two MITRE ATT & CK techniques best describe this activity? (Choose two answers)

Options:
A.

Non-Standard Port

B.

Exploitation of Remote Services

C.

Exfiltration Over Alternative Protocol

D.

Hide Artifacts

Questions 23

Which three statements accurately describe step utilities in a playbook step? (Choose three answers)

Options:
A.

The Timeout step utility sets a maximum execution time for the step and terminates playbook execution if exceeded.

B.

The Loop step utility can only be used once in each playbook step.

C.

The Variables step utility stores the output of the step directly in the step itself.

D.

The Condition step utility behavior changes depending on if a loop exists for that step.

E.

The Mock Output step utility uses HTML format to simulate real outputs.

Questions 24

Refer to the exhibit.

NSE7_SOC_AR-7.6 Question 24

What is the correct Jinja expression to filter the results to show only the MD5 hash values?

{{ [slot 1]|[slot 2] [slot 3].[slot 4] }}

Select the jinja expression in the left column, hold and drag it to a blank position on the right. Place the four correct steps in order, placing the first

step in the first slot. Once you place an expression, you can move it again if you want to change your answer before moving to the next question. You

need to drop four jinja expressions in the work area.

Select and drag the screen divider to change the viewable area of the source and work areas.

NSE7_SOC_AR-7.6 Question 24

Options:
Questions 25

Refer to this partial incident output:

Condition: if this pattern occurs within any 1800-second time window.

Host Interface Name: Red Hat VirtIO Ethernet Adapter

Recv Packet Errors: 0

Sent Packet Errors: 0

Recv Packet Discards: 37

Sent Packet Discards: 0

Recv Packet Error Pct: 0.00

Sent Packet Error Pct: 0.00

Recv Packet Discard Pct: 7.17

Sent Packet Discard Pct: 0.00

Avg Recv Interface Error: 0.00

Avg Sent Interface Error: 0.00

Avg Recv Interface Discard: 16.45

Avg Sent Interface Discard: 0.00

Which conclusion can you make about this incident? Choose one answer.

Options:
A.

It was triggered by a baseline profile incident rule.

B.

It was triggered from a FortiAI machine learning rule.

C.

It was triggered by a correlation rule.

D.

It was triggered by a lookup table.

Questions 26

Refer to the exhibits.

You configured a spearphishing event handler and the associated rule. However. FortiAnalyzer did not generate an event.

When you check the FortiAnalyzer log viewer, you confirm that FortiSandbox forwarded the appropriate logs, as shown in the raw log exhibit.

What configuration must you change on FortiAnalyzer in order for FortiAnalyzer to generate an event?

Options:
A.

In the Log Type field, change the selection to AntiVirus Log(malware).

B.

Configure a FortiSandbox data selector and add it tothe event handler.

C.

In the Log Filter by Text field, type the value: .5 ub t ype ma Iwa re..

D.

Change trigger condition by selecting. Within a group, the log field Malware Kame (mname > has 2 or more unique values.

Questions 27

What are three capabilities of the built-in FortiSOAR Jinja editor? (Choose three answers)

Options:
A.

It renders output by combining Jinja expressions and JSON input.

B.

It checks the validity of a Jinja expression.

C.

It creates new records in bulk.

D.

It loads the environment JSON of a recently executed playbook.

E.

It defines conditions to trigger a playbook step.

Exam Code: NSE7_SOC_AR-7.6
Certification Provider: Fortinet
Exam Name: Fortinet NSE 7 - Security Operations 7.6 Architect
Last Update: Jul 19, 2026
Questions: 91