Pass the Fortinet Security Operations FCP_FSM_AN-7.2 Questions and answers with CertsForce

Viewing page 1 out of 1 pages
Viewing questions 1-10 out of questions
Question # 1:

Which running mode takes the most time to perform machine learning tasks?

Options:

A. Local auto
B. Local
C. Forecasting
D. Regression
Question # 2:

Refer to the exhibit.

[Exhibit: Question # 2]

A FortiSIEM device is receiving syslog events from a FortiGate firewall. The FortiSIEM analyst is trying to search the raw event logs for the last two hours that contain the keyword "udp". However, they are getting no results from the search, which they know should be available. Based on the filter shown in the exhibit, why are there no search results?

Options:

A. The analyst selected AND in the Next column. This is the wrong Boolean operator.
B. The Time Range value should be set to Real-Time.
C. The keyword is case sensitive. Instead of typing udp in the Value field, the analyst should type UDP.
D. The analyst selected = in the Operator column. That is the wrong operator.
Question # 3:

Refer to the exhibit.

[Exhibit: Question # 3]

Which value would you expect the FortiSIEM parser to use to populate the Application Name field?

Options:

A. applist
B. Network.Service
C. SSL
D. wan1
Question # 4:

How does FortiSIEM update the incident table if a performance rule triggers repeatedly?

Options:

A. FortiSIEM changes the incident status to Repeated, and updates the Last Seen timestamp.
B. FortiSIEM updates the Incident Count value and Last Seen timestamp.
C. FortiSIEM generates a new incident based on the Rule Frequency value, and updates the First Seen and Last Seen timestamps.
D. FortiSIEM generates a new incident each time the rule triggers, and updates the First Seen and Last Seen timestamps.
Question # 5:

Refer to the exhibit.

[Exhibit: Question # 5]

If you group the events by Reporting Device, Reporting IP, and Application Category, how many results will FortiSIEM display?

Options:

A. Four
B. Five
C. One
D. Six
E. Two
Question # 6:

Refer to the exhibit.

[Exhibit: Question # 6]

What is the Group: FortiSIEM Analysts value referring to?

Options:

A. FortiSIEM organization group
B. LDAP user group
C. CMDB user group
D. Windows Active Directory user group
Question # 7:

Refer to the exhibit.

[Exhibit: Question # 7]

Which two lookup types can you reference as the subquery in a nested analytics query? (Choose two.)

Options:

A. LDAP Query
B. CMDB Query
C. SNMP Query
D. Event Query
Question # 8:

Refer to the exhibit.

[Exhibit: Question # 8]

What happens when an analyst clears an incident generated by a rule containing the automation policy shown in the exhibit?

Options:

A. No notification is sent.
B. An email is sent to the SOC manager.
C. The remediation script is run.
D. A notification is sent to the SOC manager dashboard.
Question # 9:

Refer to the exhibit.

[Exhibit: Question # 9]

An analyst is trying to generate an incident with a title that includes the Source IP, Destination IP, User, and Destination Host Name. They are unable to add a Destination Host Name as an incident attribute.

What must be changed to allow the analyst to select Destination Host Name as an attribute?

Options:

A. The Destination Host Name must be selected as a Triggered Attribute.
B. The Destination Host Name must be set as an aggregate item in a subpattern.
C. The Destination Host Name must be added as an Event type in the FortiSIEM.
D. The Destination IP Event Attribute must be removed.