Fortinet FCP FSM AN 7.2
Q: 1
Refer to the exhibit.
Which two conditions will match this rule and subpatterns? (Choose two.)
Options
Q: 2
Refer to the exhibit.
If you group the events by User, Source IP, and Count attributes, how many results will FortiSIEM
display?
Options
Q: 3
Refer to the exhibit.
An analyst wants the rule shown in the exhibit to trigger when three failed login attempts occur
within three minutes.
What should the values be for the condition time window and aggregate count?
Options
Q: 4
Which statement about thresholds is true?
Options
Q: 5
Refer to the exhibit.
Which section contains the subpattern configuration that determines how many matching events are
needed to trigger the rule?
Options
Q: 6
Which running mode takes the most time to perform machine learning tasks?
Options
Q: 7
Refer to the exhibit.
As shown in the exhibit, why are some of the fields highlighted in red?
Options
Q: 8
Refer to the exhibit.
Which value would you expect the FortiSIEM parser to use to populate the Application Name field?
Options
Q: 9
Refer to the exhibit.
How was this incident cleared?
Options
Q: 10
Refer to the exhibit.
If you group the events by User and Count attributes, how many results will FortiSIEM display?
Options