Fortinet Exam FCP_FSM_AN-7.2 Topic 2 Question 5 Discussion

Actual exam question for Fortinet's FCP_FSM_AN-7.2 exam

Question #: 5
Topic #: 2

How does FortiSIEM update the incident table if a performance rule triggers repeatedly?

AFortiSIEM changes the incident status to Repeated, and updates the Last Seen timestamp.

BFortiSIEM updates the Incident Count value and Last Seen timestamp.

CFortiSIEM generates a new incident based on the Rule Frequency value, and updates the First Seen and Last Seen timestamps.

DFortiSIEM generates a new incident each time the rule triggers, and updates the First Seen and Last Seen timestamps.

Show Suggested Answer

Suggested Answer: B

When a performance rule triggers repeatedly, FortiSIEM updates the existing incident by incrementing the Incident Count and refreshing the Last Seen timestamp. This avoids flooding the incident table with duplicates while still tracking repeated occurrences.

by Sharan at Oct 02, 2025, 07:10 PM

Limited Time Offer

25%

Off

Get Premium FCP_FSM_AN-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Vivienne

5 days ago

I think the answer might be B, since it mentions updating the Incident Count, which seems relevant for repeated triggers.

upvoted 0 times

...

Georgeanna

11 days ago

I feel pretty confident about this one. Based on my understanding of how incident management works, the correct answer is B. FortiSIEM updates the Incident Count and Last Seen timestamp when a performance rule triggers repeatedly.

upvoted 0 times

...

Jolanda

16 days ago

I'm a bit confused on this one. The options all sound plausible, but I'm not sure which one is the correct answer. I'll have to review the material again and see if I can figure it out.

upvoted 0 times

...

Bette

21 days ago

Okay, let me see. If the rule triggers repeatedly, it makes sense that FortiSIEM would just update the existing incident rather than creating a new one each time. So I'm going to go with B.

upvoted 0 times

...

Kati

26 days ago

Hmm, I'm not sure about this one. I'll have to think it through carefully. Maybe C or D could be right, since they talk about generating new incidents.

upvoted 0 times

...

Jillian

1 months ago

I think the answer is B, since it mentions updating the Incident Count and Last Seen timestamp, which makes sense for a repeated performance rule trigger.

upvoted 0 times

...