Refer to the exhibit.
If you group the events by Reporting Device, Reporting IP, and Application Category, how many results will FortiSIEM display?
Correct : B
Grouping by Reporting Device, Reporting IP, and Application Category yields five unique tuples: (FW01, 10.1.1.1, DB), (FW02, 10.1.1.2, WebApp), (FW01, 10.1.1.1, SSH), (FW03, 10.1.1.3, DB), and (FW04, 10.1.1.4, SSH).
Refer to the exhibit.
If you group the events by User and Count attributes, how many results will FortiSIEM display?
Correct : D
Grouping by User and Count yields five unique pairs: (Mike, 4), (Bob, 3), (Alice, 2), (Bob, 6), and (Mike, 5).
How can you query the configuration management database (CMDB) in an analytics search?
Correct : A
In an analytics search, you can query the CMDB by clicking Value > Select from CMDB, which allows you to choose values directly from CMDB entries for the selected attribute, enabling precise filtering based on asset data.
Refer to the exhibit.
What happens when an analyst clears an incident generated by a rule containing the automation policy shown in the exhibit?
Correct : A
The automation policy has the option 'Do not notify when an incident is cleared manually' enabled. Therefore, when an analyst manually clears an incident, no notification or automation action is triggered.
Refer to the exhibit.
How was this incident cleared?
Correct : C
The Incident Status shows 'Auto Cleared', and the Cleared Reason states: 'Rule has not been triggered for 20 minutes.' This indicates that the incident was automatically cleared by the rule logic after a defined period of inactivity.