
Fortinet FCP_FSM_AN-7.2 FCP - FortiSIEM 7.2 Analyst Exam Practice Test

FCP - FortiSIEM 7.2 Analyst Questions and Answers

Question 1

Which running mode takes the most time to perform machine learning tasks?

Options:

A. Local auto
B. Local
C. Forecasting
D. Regression

Question 2

Which statement about thresholds is true?

Options:

A. FortiSIEM uses fixed, hardcoded global and device thresholds for all performance metrics.
B. FortiSIEM uses only device thresholds for security metrics.
C. FortiSIEM uses global and per-device thresholds for performance metrics.
D. FortiSIEM uses only global thresholds for performance metrics.

Question 3

Refer to the exhibit.

Which two conditions will match this rule and subpatterns? (Choose two.)

Options:

A. A user using RDP over SSL VPN fails to log in to an application five times.
B. A user runs a brute force password cracker against an RDP server.
C. A user fails twice to log in when connecting through RDP.
D. A user connects to the wrong IP address for an RDP session five times.

Question 4

Refer to the exhibit.

If a rule containing the automation policy shown in the exhibit triggers, what will happen?

Options:

A. Associated source IP addresses will be blocked on devices in the Aviation organization.
B. Associated source IP addresses will be blocked on all FortiGate firewalls.
C. Associated source IP addresses will be blocked on devices in the Network CMDB group.
D. Associated source IP addresses will be blocked on two FortiGate firewalls.

Question 5

Refer to the exhibit.

What happens when an analyst clears an incident generated by a rule containing the automation policy shown in the exhibit?

Options:

A. No notification is sent.
B. An email is sent to the SOC manager.
C. The remediation script is run.
D. A notification is sent to the SOC manager dashboard.

Question 6

Refer to the exhibit.

An analyst wants the rule shown in the exhibit to trigger when three failed login attempts occur within three minutes.

What should the values be for the condition time window and aggregate count?

Options:

A. Time window 180 seconds, aggregate count 3
B. Time window 180 seconds, aggregate count 2
C. Time window 90 seconds, aggregate count 3
D. Time window 90 seconds, aggregate count 2

Question 7

How does FortiSIEM update the incident table if a performance rule triggers repeatedly?

Options:

A. FortiSIEM changes the incident status to Repeated, and updates the Last Seen timestamp.
B. FortiSIEM updates the Incident Count value and Last Seen timestamp.
C. FortiSIEM generates a new incident based on the Rule Frequency value, and updates the First Seen and Last Seen timestamps.
D. FortiSIEM generates a new incident each time the rule triggers, and updates the First Seen and Last Seen timestamps.
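Questions 6 and 7 both turn on how a SIEM rule condition is evaluated: a subpattern filters events, an aggregate count is checked inside a sliding time window, and repeated triggers of the same rule for the same group are reconciled against the incident table. The following is an added example, written for this page and not code from Fortinet or FortiSIEM, that implements those mechanics generically over constructed sample events. Event type names, field names and the rule name are hypothetical, and the incident table follows the common convention of collapsing repeated triggers into one row with a count and a Last Seen timestamp; that is this example's own design choice, not a description of the FortiSIEM engine.

```python
"""Sliding-window aggregate rule with an incident table (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Event:
    ts: int            # epoch seconds; sample data below is constructed
    event_type: str    # hypothetical type name such as "Login-Failure"
    user: str
    src_ip: str


@dataclass
class Incident:
    rule: str
    group: Tuple[str, ...]
    first_seen: int
    last_seen: int
    count: int = 1     # how many times the rule has triggered for this group


class WindowedCountRule:
    """Fire when >= threshold events of event_type share the same group
    fields within window_s seconds (the condition's time window and
    aggregate count)."""

    def __init__(self, name: str, event_type: str, window_s: int,
                 threshold: int, group_by: Tuple[str, ...]):
        self.name = name
        self.event_type = event_type
        self.window_s = window_s
        self.threshold = threshold
        self.group_by = group_by
        self._buckets: Dict[Tuple[str, ...], List[int]] = {}

    def group_key(self, ev: Event) -> Tuple[str, ...]:
        return tuple(getattr(ev, f) for f in self.group_by)

    def feed(self, ev: Event) -> bool:
        """Return True if this event completes the aggregate condition."""
        if ev.event_type != self.event_type:      # subpattern filter
            return False
        bucket = self._buckets.setdefault(self.group_key(ev), [])
        bucket.append(ev.ts)
        # keep only timestamps inside the window ending at this event
        cutoff = ev.ts - self.window_s
        bucket[:] = [t for t in bucket if t >= cutoff]
        if len(bucket) >= self.threshold:
            bucket.clear()   # start a fresh window after firing
            return True
        return False


class IncidentTable:
    """Repeated triggers of one rule/group update a single row (count and
    Last Seen) instead of adding a new row each time."""

    def __init__(self) -> None:
        self.rows: Dict[Tuple[str, Tuple[str, ...]], Incident] = {}

    def record(self, rule: str, group: Tuple[str, ...], ts: int) -> Incident:
        row = self.rows.get((rule, group))
        if row is None:
            row = Incident(rule, group, first_seen=ts, last_seen=ts)
            self.rows[(rule, group)] = row
        else:
            row.count += 1
            row.last_seen = ts
        return row


def run(rule: WindowedCountRule, table: IncidentTable,
        events: List[Event]) -> List[Incident]:
    """Replay events in time order; return the incident rows touched."""
    touched = []
    for ev in sorted(events, key=lambda e: e.ts):
        if rule.feed(ev):
            touched.append(table.record(rule.name, rule.group_key(ev), ev.ts))
    return touched


def demo() -> IncidentTable:
    # Constructed sample events, not a real log capture.
    events = [
        Event(0,   "Login-Failure", "alice", "10.0.0.5"),
        Event(60,  "Login-Failure", "alice", "10.0.0.5"),
        Event(170, "Login-Failure", "alice", "10.0.0.5"),  # 3rd in 180 s: fires
        Event(200, "Login-Success", "alice", "10.0.0.5"),  # other type: ignored
        Event(300, "Login-Failure", "alice", "10.0.0.5"),
        Event(310, "Login-Failure", "alice", "10.0.0.5"),
        Event(320, "Login-Failure", "alice", "10.0.0.5"),  # fires again: count 2
        Event(0,   "Login-Failure", "bob",   "10.0.0.9"),
        Event(200, "Login-Failure", "bob",   "10.0.0.9"),
        Event(400, "Login-Failure", "bob",   "10.0.0.9"),  # never 3 in 180 s
    ]
    rule = WindowedCountRule("Multiple Login Failures", "Login-Failure",
                             window_s=180, threshold=3,
                             group_by=("user", "src_ip"))
    table = IncidentTable()
    run(rule, table, events)
    return table


if __name__ == "__main__":
    for row in demo().rows.values():
        print(row)
```

Running `demo()` leaves one incident row for alice from 10.0.0.5 with count 2, first seen at 170 and last seen at 320; bob never accumulates three failures inside one 180-second window, so no incident is created for him, and the Login-Success event is filtered out by the subpattern before it reaches the counter.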

Question 8

Refer to the exhibit.

An analyst is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.

What is the correct syntax to create an expression that generates a total count of matched events?

Options:

A. COUNT(Matched Events)
B. (COUNT) Matched Events
C. Matched Events (COUNT)
D. Matched Events COUNT()

Question 9

What are two required components of a rule? (Choose two.)

Options:

A. Exception policy
B. Subpattern
C. Detection Technology
D. Clear policy