NSE6_FSR-7.3 Practice Questions

Comprehensive and Detailed Explanation From FortiSOAR 7.3 Exact Extract study guide:

According to the FortiSOAR 7.3 Administration Guide under the "Audit Logs" and "Role-Based Access Control (RBAC)" sections, managing the lifecycle of system logs requires elevated administrative privileges.

To perform a manual purge of audit logs, the system validates permissions across two specific areas:

Audit Log Activities Module:The user must haveDeletepermissions on this specific module because it is the repository where the actual log records are stored. Without "Delete" rights here, the application cannot remove the database entries.

Security Module:Because the purging of audit logs is a sensitive security operation that affects the system's accountability trail, FortiSOAR requires theDeletepermission on theSecuritymodule. This acts as a secondary administrative guardrail to ensure only authorized security administrators can permanently remove audit trails.

Permissions on thePeopleorUsersmodules (Options C and D) are used for managing user profiles and account attributes, but they do not grant the authority to manipulate system-level audit databases.

To audit and restrict a user’s access within FortiSOAR, particularly in response to unauthorized access reports, it's necessary to review the user’s effective role permissions. This involves checking which roles grant the user access to the System Configuration module and adjusting as needed. Additionally, reviewing the user's team hierarchy ensures that the user’s access aligns with the organization’s policies. Misconfigurations in team relationships can sometimes inadvertently provide elevated access; hence, confirming that the team setup is correct is a critical part of the auditing process​.