Refer to the exhibit. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/Fortinet_FCP_FSM_AN-7.2/page_10_img_1.jpg Which value would you expect the FortiSIEM parser to use to populate the Application Name field?

Question 8 - Fortinet FCP_FSM_AN-7.2 Real Exam Questions [Jan 2026 Update]

Q: 8

Refer to the exhibit.

Which value would you expect the FortiSIEM parser to use to populate the Application Name field?

Options

Correct Answer:

Explanation

The FortiSIEM parser for FortiGate traffic logs is designed to populate the Application Name attribute with the most specific and meaningful information available in the raw log. The primary source for the application name is the app field. However, in the provided log, the app field has a generic value of "Network.Service", which indicates that the FortiGate Application Control engine did not identify a specific application.

In such cases, the FortiSIEM parser is programmed with fallback logic to use the value from the service field, which is "SSL" in this log. This provides a more descriptive and useful application name for security analysis within FortiSIEM.

Why Incorrect

A. applist: This value ("default") refers to the name of the application control list used in the firewall policy, not the application detected in the traffic.

B. Network.Service: While this is the value of the app field, it is a generic fallback value from FortiGate. The FortiSIEM parser discards this in favor of the more specific service field value.

D. wan1: This is the value of the dstintf (destination interface) field and is unrelated to the application name.

References

1. FortiSIEM 7.2 Administration and Analytics Study Guide: This guide explains the parsing process for various log sources. In the section covering FortiGate integration

it details the normalization of traffic logs. It specifies that the parser prioritizes the app field for the application name but will use the service field as a fallback when the app field contains a generic or uninformative value (such as "unscanned" or "Network.Service") to ensure the event data is meaningful. (Chapter: "Architecture and System Internals"

Section: "Event Parsing and Normalization").

2. FortiSIEM - External Systems Configuration Guide: This document outlines the supported log formats and the mapping of log fields to FortiSIEM attributes. For FortiGate traffic logs (type="traffic")

the guide shows the intended mapping of app to the Application attribute. The intelligent fallback logic is an implementation detail of the parser designed to enhance data quality

as described in the training courseware. (Section: "Supported Devices"

Subsection: "Fortinet FortiGate").

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE