Updated

Join Us Among the Stars

Sign Up & unlock 100% of Exam Questions

Log in / Sign up

No Strings Attached!

51Practice Questions

3Study Modes

Free

TopicSort

Question 1

Configure incidents and automation

An analyst wants to create a rule from a newly created analytics search.

What is the quickest method?

A On the upper menu bar on any tab, click the pencil icon.
B On the Analytics tab, click the New button next to the Filter By box.
C On the Analytics tab, click Actions > Create Rule.
D Create a new rule under Resources > Rules and fill in the search details.

Question 2

Perform searches and investigations

Question 4

Configure reports and visualizations

Question 5

Collect and analyze event data

Question 7

Configure incidents and automation

Question 9

Collect and analyze event data

Question 10

Configure incidents and automation

Question 11

Collect and analyze event data

Question 12

Configure incidents and automation

Question 13

Configure incidents and automation

Question 14

Collect and analyze event data

Question 15

Configure incidents and automation

Question 16

Configure incidents and automation

Question 17

Collect and analyze event data

Question 18

Collect and analyze event data

Question 19

Configure incidents and automation

Question 20

Configure incidents and automation

Question 21

Collect and analyze event data

Question 22

Perform searches and investigations

Question 23

Configure incidents and automation

Question 24

Configure incidents and automation

That's the end of the Preview

This exam has 51 community-verified practice questions. Create a free account to access all questions, comments, and explanations.

Topics covered:

Collect and analyze event dataPerform searches and investigationsConfigure reports and visualizationsConfigure incidents and automation

Log In / Sign Up

Page 1 of 3 • Questions 1-25 of 51

1 2 3

→

Know a question that should be here? Contribute to this exam

Refer to the exhibit.

Question Image

A FortiSIEM analyst is investigating an issue by examining events related to two destination IP addresses. However, the analyst is not getting any results from the search.

Based on the selected filters shown in the exhibit, why is the search returning no results?

A Parentheses are missing between the two items.
B An invalid IP address is typed in the Value column.
C The wrong boolean operator is selected in the Next column.
D The wrong option is selected in the Operator column.

Refer to the exhibit.

Question Image

What will FortiSIEM display if you apply the Group By and Display Fields configuration to a list of allowed firewall connections?

A A list of connections between unique source and destination IP addresses
B A running count of connections, regardless of source or destination
C A list of connections ordered by destination IP address hit count
D A list of connections ordered by the number of unique connections started by each source IP address

You need a model for predicting a target field based on other fields in a dataset and then trigger an anomaly if the value does not match the prediction.

Which machine learning algorithm will build this type of model?

A Regression
B Forecasting
C Clustering
D Regression

When FortiSIEM is configured to apply ZTNA tags, what is the order of events when an analyst wants to automatically block a ZTNA tagged host?

A FortiEMS tags host > FortiSIEM receives tag information > FortiSIEM tags host > ZTNA tags enforced on FortiGate
B FortiEMS tags host > FortiEMS receives tag information > FortiSIEM tags host > ZTNA tags enforced on FortiGate
C FortiSIEM tags host > FortiEMS receives tag information > FortiEMS tags host > ZTNA tags enforced on FortiGate
D FortiEMS receives tag information > FortiEMS tags host > FortiSIEM tags host > ZTNA tags enforced on FortiGate

Question 9

Collect and analyze event data

Question 10

Configure incidents and automation

Question 11

Collect and analyze event data

Question 12

Configure incidents and automation

Question 13

Configure incidents and automation

Question 14

Collect and analyze event data

Question 15

Configure incidents and automation

Question 16

Configure incidents and automation

Question 17

Collect and analyze event data

Question 18

Collect and analyze event data

Question 19

Configure incidents and automation

Question 20

Configure incidents and automation

Question 21

Collect and analyze event data

Question 22

Perform searches and investigations

Question 23

Configure incidents and automation

Question 24

Configure incidents and automation

In FortiSIEM, which database stores discovery information?

A Profile DB
B SVN DB
C CMDB
D Event DB

Refer to the exhibits.

Question Image

Three events are collected over 10 minutes from two servers: Server A and Server B.

Based on the settings for the rule subpattern and a 10-minute condition window, how many incidents will the servers generate?

A Server A will not generate any incidents and Server B will not generate any incidents.
B Server A will generate one incident and Server B will generate one incident.
C Server A will not generate any incidents and server B will generate one incident.
D Server A will generate one incident and Server B will not generate any incidents.

What must match when referencing an inner query from an outer query?

A Both must be event queries.
B Both must be CMDB lookups.
C Both must reference IP addresses.
D Both must have the same data type.

Where must you define and assign a custom python script as a remediation action?

A Remediation Policy
B Automation Policy
C Script Policy
D Rule Engine Policy

In an automation policy, which two methods can you use to notify analysts when an incident is triggered? (Choose two.)

A FortiSIEM Case
B Syslog
C Pop-up window
D Email

Refer to the exhibit.

Question Image

If you group the events by Reporting IP, Event Type, and User attributes, how many results will FortiSIEM display?

A Three
B Five
C Two
D Four

What are the four incident status values on FortiSIEM?

A Active, cleared, cleared manually, false positive
B Active, auto cleared, cleared manually, system cleared
C Active, closed, cleared, resolved
D Active, auto closed, cleared manually, resolved

When selecting multiple rules at once on FortiSIEM, what actions can you perform?

A You can change the severity of multiple rules, and activate or deactivate them.
B You can only change the severity of multiple rules.
C You can only activate or deactivate multiple rules.
D You can only view, edit, and activate a single rule at one time.

Refer to the exhibit.

Question Image

What will this analytics search display?

A Failed login events from all users in the Logon Failure user group
B Failed machine login events sourced from servers in the CMDB
C Failed login events from all servers in the Server Inventory CMDB report
D Failed login events from all servers in the CMDB

Which two data areas can you use for user and entity behavior analytics (UEBA) machine learning models? (Choose two.)

A location
B resources
C process
D network

Refer to the exhibits.

Question Image

An analyst is troubleshooting why the rule shown in the exhibit is generating incidents for successful RDP connections.

Given the rule conditions and subpatterns, what is causing the problem?

A The Failed_Logon subpattern is not checking for failed authentications.
B The Boolean between the subpatterns is incorrect.
C The subpattern relationship RDP_Connection:User = Failed_Logon:User will never match.
D The condition time window is too short.

How does FortiSIEM update the incident table if a performance rule triggers repeatedly?

A FortiSIEM changes the incident status to Repeated, and updates the Last Seen timestamp.
B FortiSIEM updates the Incident Count value and Last Seen timestamp.
C FortiSIEM generates a new incident based on the Rule Frequency value, and updates the First Seen and Last Seen timestamps.
D FortiSIEM generates a new incident each time the rule triggers, and updates the First Seen and Last Seen timestamps.

Refer to the exhibit.

Question Image

If you group the events by Reporting Device, Reporting IP, and Application Category, how many results will FortiSIEM display?

A Four
B Five
C One
D Six
E Two

Which analytics search can be used to apply a user and entity behavior analytics (UEBA) tag to an event for a failed login by the user JSmith?

A User = smith
B Username NOT END WITH jsmith
C User IS jsmith
D Username CONTAIN smit

Which two settings must you configure to allow FortiSIEM to apply tags to devices in FortiClient EMS? (Choose two.)

A FortiEMS API credentials defined on FortiSIEM
B Remediation script configured
C ZTNA tags defined on FortiSIEM
D FortiSIEM API credentials defined on FortiEMS

Refer to the exhibit.

Question Image

What happens when an analyst clears an incident generated by a rule containing the automation policy shown in the exhibit?

A No notification is sent.
B An email is sent to the SOC manager.
C The remediation script is run.
D A notification is sent to the SOC manager dashboard.

Join Us Among the Stars

FCP-FSM-AN-7-2Preview

About the FCP-FSM-AN-7-2 Exam

Mode Selection

Question 1

Question 2

Question 4

Question 5

Question 7

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

That's the end of the Preview

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24