FCP - FortiSIEM 7.2 Analyst (FCP_FSM_AN-7.2) Free Practice Test

Question 1

Refer to the exhibit.

If you group the events by User, Source IP, and Count attributes, how many results will FortiSIEM display?

A. Two

B. Three

C. Five

D. Six

E. Four

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

How does FortiSIEM update the incident table if a performance rule triggers repeatedly?

A. FortiSIEM generates a new incident each time the rule triggers, and updates the First Seen and Last Seen timestamps.

B. FortiSIEM generates a new incident based on the Rule Frequency value, and updates the First Seen and Last Seen timestamps.

C. FortiSIEM changes the incident status to Repeated, and updates the Last Seen timestamp.

D. FortiSIEM updates the Incident Count value and Last Seen timestamp.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

You need a model for predicting a target field based on other fields in a dataset and then trigger an anomaly if the value does not match the prediction. Which machine learning algorithm will build this type of model?

A. Regression

B. Regression

C. Clustering

D. Forecasting

Correct Answer: A

Question 4

Refer to the exhibit.

An analyst is trying to identify an issue using an expression based on the Expression Builder settings shown in the exhibit; however, the error message shown in the exhibit indicates that the expression is invalid.
What is the correct syntax to create an expression that generates a total count of matched events?

A. Matched Events COUNT()

B. Matched Events (COUNT)

C. COUNT(Matched Events)

D. (COUNT) Matched Events

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Refer to the exhibit.

If a rule containing the automation policy shown in the exhibit triggers, what will happen?

A. Associated source IP addresses will be blocked on two FortiGate firewalls.

B. Associated source IP addresses will be blocked on devices in the Network CMDB group.

C. Associated source IP addresses will be blocked on devices in the Aviation organization.

D. Associated source IP addresses will be blocked on all FortiGate firewalls.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Which information can FortiSIEM retrieve from FortiClient EMS through an API connection?

A. Host software versions

B. Host login credentials

C. FortiSIEM license

D. ZTNA tags

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

Which two settings must you configure to allow FortiSIEM to apply tags to devices in FortiClient EMS? (Choose two.)

A. FortiSIEM API credentials defined on FortiEMS\

B. Remediation script configured

C. ZTNA tags defined on FortiSIEM

D. FortiEMS API credentials defined on FortiSIEM

Correct Answer: A,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Fortinet FCP - FortiSIEM 7.2 Analyst (FCP_FSM_AN-7.2) Free Practice Test