View all questions & answers for the NSE 7 - Security Operations 7.6 Architect Materials exam


NSE 7 - Security Operations 7.6 Architect Materials-Question 62 Discussion

You are trying to create a playbook that uses source data from ingestion to populate the description field of a task. You were successful in saving the source data to a variable called ingestion_data. Now, you must parse the results and extract a list of indicators. Which Jinja expression can accomplish this task? (Choose one answer)

  • A. {{ vars.ingestion_data | json_query("[?type=='IOC']") }}
  • B. {{ vars.ingestion_data | to_nice_json | ipaddr | hwaddr | email | hash }}
  • C. {{ vars.ingestion_data | type_debug }}
  • D. {{ vars.ingestion_data | extract_artifacts }}
Correct Answer: D

Brave-Dump Clients Votes

D 66.67%
B 33.33%

Comments



Simon Cliffe 2026-02-15 22:02:21

Selected Answers: D


D Reason – artefacts is a defined search query in FortiSoar.

Anonymous User 2026-03-08 01:25:31

Selected Answers: B


B

Anonymous User 2026-04-14 01:58:58

Selected Answers: D


The answer is D. {{ vars.ingestion_data | extract_artifacts }}
FortiSOAR has a built-in Jinja filter called extract_artifacts that parses raw text/data and automatically extracts indicators.