NSE 7 – OT Security 6.4 — Question 5
An administrator wants to use FortiSoC and SOAR features on a FortiAnalyzer device to detect and block any unauthorized access to FortiGate devices in an OT network.
Which two statements about FortiSoC and SOAR features on FortiAnalyzer are true? (Choose two.)
Answer options
- A. You must set the correct operator in the event handler to trigger an event.
- B. You can automate SOC tasks through playbooks.
- C. Each playbook can include multiple triggers.
- D. You cannot use Windows and Linux host security events with FortiSoC.
Correct answer: A, B
Explanation
Option A is correct because event handlers require the correct operator to function properly. Option B is also correct as playbooks enable the automation of SOC tasks. Options C and D are incorrect; C is not true because each playbook can indeed have one or multiple triggers, and D is false as FortiSoC can utilize events from both Windows and Linux hosts.