Fortinet FCP_FSM_AN-7.2 Exam
FCP - FortiSIEM 7.2 Analyst (Page 3 )

Updated On: 7-Feb-2026

Which statement about thresholds is true?

  A. FortiSIEM uses fixed, hardcoded global and device thresholds for all performance metrics.
  B. FortiSIEM uses only device thresholds for security metrics.
  C. FortiSIEM uses global and per device thresholds for performance metrics.
  D. FortiSIEM uses only global thresholds for performance metrics.

Answer(s): C

Explanation:

FortiSIEM evaluates performance metrics against both global thresholds, which apply system-wide, and per-device thresholds, which can be customized for individual devices. This dual approach allows flexibility in monitoring while ensuring consistent baseline alerting.



Which running mode takes the most time to perform machine learning tasks?

  A. Local auto
  B. Local
  C. Forecasting
  D. Regression

Answer(s): B

Explanation:

In Local mode, FortiSIEM performs machine learning tasks using the full dataset without optimization shortcuts, making it the most time-consuming mode compared to Local Auto, Forecasting, or Regression.



Refer to the exhibit.



The analyst is troubleshooting the analytics query shown in the exhibit.

Why is this search not producing any results?

  A. The Time Range is set incorrectly.
  B. The inner and outer nested query attribute types do not match.
  C. You cannot reference User and Event Type attributes in the same search.
  D. The Boolean operator is wrong between the attributes.

Answer(s): B

Explanation:

The issue is that the "User" attribute is incorrectly assigned a Device IP group value, which is a mismatch of attribute types. "User" expects a user name or identity, not a device IP group. This mismatch between the attribute type and the provided value causes the search to return no results.



Refer to the exhibit.



If you group the events by Reporting Device, Reporting IP, and Application Category, how many results will FortiSIEM display?

  A. Four
  B. Five
  C. One
  D. Six
  E. Two

Answer(s): B

Explanation:

Grouping by Reporting Device, Reporting IP, and Application Category yields five unique tuples:
(FW01, 10.1.1.1, DB), (FW02, 10.1.1.2, WebApp), (FW01, 10.1.1.1, SSH), (FW03, 10.1.1.3, DB), and (FW04, 10.1.1.4, SSH).



Which analytics search can be used to apply a user and entity behavior analytics (UEBA) tag to an event for a failed login by the user JSmith?

  A. User = smith
  B. Username NOT END WITH jsmith
  C. User IS jsmith
  D. Username CONTAIN smit

Answer(s): C

Explanation:

The correct syntax to match an exact username in FortiSIEM analytics search is User IS jsmith. This ensures that the UEBA tag is applied only when the event is specifically tied to the user "jsmith", which is required for accurate behavioral analytics.


