Fortinet FCP_FSM_AN-7.2 FCP - FortiSIEM 7.2 Analyst Exam Practice Test

Demo: 9 questions
Total 32 questions

FCP - FortiSIEM 7.2 Analyst Questions and Answers

Question 1

Refer to the exhibit.

According to the automation policy configuration shown in the exhibit, what happens if an associated rule triggers?

Options:

A. FortiSIEM runs the remediation script, because that takes precedence over all other options.
B. FortiSIEM performs all selected actions.
C. FortiSIEM fails to the integration policy, because no policy is defined.
D. FortiSIEM sends an email, because that is first on the list.

Question 2

How can you query the configuration management database (CMDB) in an analytics search?

Options:

A. Click Value > Select from CMDB.
B. On the CMDB tab, select an entry, and then click Create Search.
C. On the Admin tab, click CMDB Search.
D. Click Attribute > Select from CMDB.

Question 3

Refer to the exhibit.

Which two conditions will match this rule and subpatterns? (Choose two.)

Options:

A. A user using RDP over SSL VPN fails to log in to an application five times.
B. A user runs a brute force password cracker against an RDP server.
C. A user fails twice to log in when connecting through RDP.
D. A user connects to the wrong IP address for an RDP session five times.

Question 4

Which two settings must you configure to allow FortiSIEM to apply tags to devices in FortiClient EMS? (Choose two.)

Options:

A. FortiEMS API credentials defined on FortiSIEM
B. Remediation script configured
C. ZTNA tags defined on FortiSIEM
D. FortiSIEM API credentials defined on FortiEMS

Question 5

Refer to the exhibit.

What will happen when a device being analyzed by the machine learning configuration shown in the exhibit has a consistently high memory utilization?

Options:

A. FortiSIEM will update the regression tables for memory utilization, and average sent and received bytes.
B. FortiSIEM will trigger an incident for high memory utilization.
C. FortiSIEM will lower the CPU utilization trigger requirement for CPU utilization.
D. FortiSIEM will update the model with a higher memory utilization average value.

Question 6

Which analytics search can be used to apply a user and entity behavior analytics (UEBA) tag to an event for a failed login by the user JSmith?

Options:

A. User = smith
B. Username NOT END WITH jsmith
C. User IS jsmith
D. Username CONTAIN smit

Question 7

Refer to the exhibit.

If you group the events by Reporting Device, Reporting IP, and Application Category, how many results will FortiSIEM display?

Options:

A. Four
B. Five
C. One
D. Six
E. Two

Question 8

Refer to the exhibit.

The configuration shown in the exhibit is incorrect.

What must you change to allow this configuration to be successfully applied to FortiSIEM?

Options:

A. The Train factor must be 70% or greater.
B. Run Mode must be set to ML.
C. Only one AVG type field must be selected under Fields to use for Prediction.
D. The selection in Fields to use for Prediction and Field to Predict must match.

Question 9

Which statement about thresholds is true?

Options:

A. FortiSIEM uses fixed, hardcoded global and device thresholds for all performance metrics.
B. FortiSIEM uses only device thresholds for security metrics.
C. FortiSIEM uses global and per device thresholds for performance metrics.
D. FortiSIEM uses only global thresholds for performance metrics.
