Fortinet FCP_FSM_AN-7.2 FCP - FortiSIEM 7.2 Analyst Exam Practice Test

In Local mode, FortiSIEM performs machine learning tasks using the full dataset without optimization shortcuts, making it the most time-consuming mode compared to Local Auto, Forecasting, or Regression.

When an associated rule triggers, FortiSIEM performs all selected actions in the automation policy. In this case, it will send an email/SMS/webhook, run the remediation script, invoke the integration policy (even if none is currently defined), and create a case. All checked actions are executed.

The automation policy is configured to run a remediation script named "Fortinet FortiOS - Block Source IP FortiOS via API". It specifies enforcement on two FortiGate devices: FortiGate508 and FortiGate90D. Therefore, associated source IP addresses will be blocked on those two FortiGate firewalls only.

The Incident Status shows "Auto Cleared", and the Cleared Reason states: "Rule has not been triggered for 20 minutes." This indicates that the incident was automatically cleared by the rule logic after a defined period of inactivity.

The FortiSIEM agent can be used to send detailed endpoint data such as user activity and process behavior to FortiSIEM, which is essential for performing User and Entity Behavior Analytics (UEBA).

Grouping by User and Count yields five unique pairs: (Mike,4), (Bob,3), (Alice,2), (Bob,6), (Mike,5).