
Fortinet FCP_FSM_AN-7.2 - FCP - FortiSIEM 7.2 Analyst

Total 32 questions

Refer to the exhibit.

According to the automation policy configuration shown in the exhibit, what happens if an associated rule triggers?

A. FortiSIEM runs the remediation script, because that takes precedence over all other options.
B. FortiSIEM performs all selected actions.
C. FortiSIEM fails to the integration policy, because no policy is defined.
D. FortiSIEM sends an email, because that is first on the list.

Refer to the exhibit.

What is the Group: FortiSIEM Analysts value referring to?

A. FortiSIEM organization group
B. LDAP user group
C. CMDB user group
D. Windows Active Directory user group

Which information can FortiSIEM retrieve from FortiClient EMS through an API connection?

A. Host software versions
B. FortiSIEM license
C. Host login credentials
D. ZTNA tags

Refer to the exhibit.

The analyst is troubleshooting the analytics query shown in the exhibit.

Why is this search not producing any results?

A. The Time Range is set incorrectly.
B. The inner and outer nested query attribute types do not match.
C. You cannot reference User and Event Type attributes in the same search.
D. The Boolean operator is wrong between the attributes.

Refer to the exhibit.

If a rule containing the automation policy shown in the exhibit triggers, what will happen?

A. Associated source IP addresses will be blocked on devices in the Aviation organization.
B. Associated source IP addresses will be blocked on all FortiGate firewalls.
C. Associated source IP addresses will be blocked on devices in the Network CMDB group.
D. Associated source IP addresses will be blocked on two FortiGate firewalls.

Which two settings must you configure to allow FortiSIEM to apply tags to devices in FortiClient EMS? (Choose two.)

A. FortiEMS API credentials defined on FortiSIEM
B. Remediation script configured
C. ZTNA tags defined on FortiSIEM
D. FortiSIEM API credentials defined on FortiEMS

Refer to the exhibit.

A FortiSIEM device is receiving syslog events from a FortiGate firewall. The FortiSIEM analyst is trying to search the raw event logs for the last two hours that contain the keyword "udp". However, they are getting no results from the search, which they know should be available. Based on the filter shown in the exhibit, why are there no search results?

A. The analyst selected AND in the Next column. This is the wrong Boolean operator.
B. The Time Range value should be set to Real-Time.
C. The keyword is case sensitive. Instead of typing udp in the Value field, the analyst should type UDP.
D. The analyst selected = in the Operator column. That is the wrong operator.

Which items are used to define a subpattern?

A. Filters, Aggregate, Group By definitions
B. Filters, Aggregate, Time Window definitions
C. Filters, Group By, Threshold definitions
D. Filters, Threshold, Time Window definitions

Refer to the exhibit.

Which two lookup types can you reference as the subquery in a nested analytics query? (Choose two.)

A. LDAP Query
B. CMDB Query
C. SNMP Query
D. Event Query