
Fortinet FCP_FSM_AN-7.2 FCP - FortiSIEM 7.2 Analyst Exam Practice Test

Page: 1 / 3
Total 32 questions

FCP - FortiSIEM 7.2 Analyst Questions and Answers

Question 1

Refer to the exhibit. [Exhibit for Question 1 is not reproduced on this page.]

Which two lookup types can you reference as the subquery in a nested analytics query? (Choose two.)

Options:

A. LDAP Query
B. CMDB Query
C. SNMP Query
D. Event Query

Question 2

Which running mode takes the most time to perform machine learning tasks?

Options:

A. Local auto
B. Local
C. Forecasting
D. Regression

Question 3

Which analytics search can be used to apply a user and entity behavior analytics (UEBA) tag to an event for a failed login by the user JSmith?

Options:

A. User = smith
B. Username NOT END WITH jsmith
C. User IS jsmith
D. Username CONTAIN smit

Question 4

Refer to the exhibit. [Exhibit for Question 4 is not reproduced on this page.]

According to the automation policy configuration shown in the exhibit, what happens if an associated rule triggers?

Options:

A. FortiSIEM runs the remediation script, because that takes precedence over all other options.
B. FortiSIEM performs all selected actions.
C. FortiSIEM fails to the integration policy, because no policy is defined.
D. FortiSIEM sends an email, because that is first on the list.

Question 5

Refer to the exhibit. [Exhibit for Question 5 is not reproduced on this page.]

If a rule containing the automation policy shown in the exhibit triggers, what will happen?

Options:

A. Associated source IP addresses will be blocked on devices in the Aviation organization.
B. Associated source IP addresses will be blocked on all FortiGate firewalls.
C. Associated source IP addresses will be blocked on devices in the Network CMDB group.
D. Associated source IP addresses will be blocked on two FortiGate firewalls.

Question 6

Refer to the exhibit. [Exhibit for Question 6 is not reproduced on this page.]

How was this incident cleared?

Options:

A. The analyst manually cleared the incident from the incident table.
B. FortiSIEM cleared the incident automatically after 24 hours.
C. The incident was cleared automatically by the rule.
D. The endpoint was rebooted and sent an all-clear signal to FortiSIEM.

Question 7

What can you use to send data to FortiSIEM for user and entity behavior analytics (UEBA)?

Options:

A. FortiSIEM agent
B. SSH
C. SNMP
D. FortiSIEM worker

Question 8

Refer to the exhibit. [Exhibit for Question 8 is not reproduced on this page.]

If you group the events by User and Count attributes, how many results will FortiSIEM display?

Options:

A. Two
B. Six
C. Three
D. Five
E. One

Question 9

Refer to the exhibit. [Exhibit for Question 9 is not reproduced on this page.]

The analyst is troubleshooting the analytics query shown in the exhibit.

Why is this search not producing any results?

Options:

A. The Time Range is set incorrectly.
B. The inner and outer nested query attribute types do not match.
C. You cannot reference User and Event Type attributes in the same search.
D. The Boolean operator is wrong between the attributes.
