Fortinet FCP_FSM_AN-7.2 - FCP - FortiSIEM 7.2 Analyst Exam

Question #6 (Topic: Exam A)
Refer to the exhibit.

An analyst is trying to generate an incident with a title that includes the Source IP, Destination IP, User, and Destination Host Name. They are unable to add a Destination Host Name as an incident attribute.
What must be changed to allow the analyst to select Destination Host Name as an attribute?
A. The Destination Host Name must be selected as a Triggered Attribute.
B. The Destination Host Name must be set as an aggregate item in a subpattern.
C. The Destination Host Name must be added as an Event type in the FortiSIEM.
D. The Destination IP Event Attribute must be removed.
Answer: A
Question #7 (Topic: Exam A)
Refer to the exhibit.

What will happen when a device being analyzed by the machine learning configuration shown in the exhibit has a consistently high memory utilization?
A. FortiSIEM will update the regression tables for memory utilization, and average sent and received bytes.
B. FortiSIEM will trigger an incident for high memory utilization.
C. FortiSIEM will lower the CPU utilization trigger requirement for CPU utilization.
D. FortiSIEM will update the model with a higher memory utilization average value.
Answer: D
Question #8 (Topic: Exam A)
Which two settings must you configure to allow FortiSIEM to apply tags to devices in FortiClient EMS? (Choose two.)
A. FortiEMS API credentials defined on FortiSIEM
B. Remediation script configured
C. ZTNA tags defined on FortiSIEM
D. FortiSIEM API credentials defined on FortiEMS
Answer: AD
Question #9 (Topic: Exam A)
What are two required components of a rule? (Choose two.)
A. Exception policy
B. Subpattern
C. Detection Technology
D. Clear policy
Answer: BC
Question #10 (Topic: Exam A)
Refer to the exhibit.

If you group the events by User and Count attributes, how many results will FortiSIEM display?
A. Two
B. Six
C. Three
D. Five
E. One
Answer: D
Total 32 questions