Fortinet FCP_FSM_AN-7.2 Exam - Topic 2 Question 5 Discussion

Actual exam question for Fortinet's FCP_FSM_AN-7.2 exam

Question #: 5
Topic #: 2

How does FortiSIEM update the incident table if a performance rule triggers repeatedly?

AFortiSIEM changes the incident status to Repeated, and updates the Last Seen timestamp.

BFortiSIEM updates the Incident Count value and Last Seen timestamp.

CFortiSIEM generates a new incident based on the Rule Frequency value, and updates the First Seen and Last Seen timestamps.

DFortiSIEM generates a new incident each time the rule triggers, and updates the First Seen and Last Seen timestamps.

Show Suggested Answer

Suggested Answer: B

When a performance rule triggers repeatedly, FortiSIEM updates the existing incident by incrementing the Incident Count and refreshing the Last Seen timestamp. This avoids flooding the incident table with duplicates while still tracking repeated occurrences.

by Sharan at Oct 02, 2025, 06:10 PM

Limited Time Offer

25%

Off

Get Premium FCP_FSM_AN-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lashandra

2 months ago

C sounds interesting, but I doubt that's how it works.

upvoted 0 times

...

Haydee

2 months ago

I always thought it was D. New incident every time!

upvoted 0 times

...

Glenna

2 months ago

I think it's B! Incident Count gets updated.

upvoted 0 times

...

Tegan

3 months ago

Wait, really? I thought it would just update the existing one.

upvoted 0 times

...

Glory

3 months ago

Nah, I'm pretty sure it's A. Status changes to Repeated.

upvoted 0 times

...

Stevie

3 months ago

I recall that Last Seen is definitely updated, but I can't remember if it generates a new incident or just updates the existing one.

upvoted 0 times

...

Paola

3 months ago

I practiced a similar question, and I feel like it was about generating new incidents. Could it be D?

upvoted 0 times

...

Cory

4 months ago

I'm not entirely sure, but I remember something about the incident status changing. Maybe it's A?

upvoted 0 times

...

Vivienne

4 months ago

I think the answer might be B, since it mentions updating the Incident Count, which seems relevant for repeated triggers.

upvoted 0 times

...

Georgeanna

4 months ago

I feel pretty confident about this one. Based on my understanding of how incident management works, the correct answer is B. FortiSIEM updates the Incident Count and Last Seen timestamp when a performance rule triggers repeatedly.

upvoted 0 times

...

Jolanda

4 months ago

I'm a bit confused on this one. The options all sound plausible, but I'm not sure which one is the correct answer. I'll have to review the material again and see if I can figure it out.

upvoted 0 times

...

Bette

4 months ago

Okay, let me see. If the rule triggers repeatedly, it makes sense that FortiSIEM would just update the existing incident rather than creating a new one each time. So I'm going to go with B.

upvoted 0 times

...

Kati

4 months ago

Hmm, I'm not sure about this one. I'll have to think it through carefully. Maybe C or D could be right, since they talk about generating new incidents.

upvoted 0 times

...

Jillian

5 months ago

I think the answer is B, since it mentions updating the Incident Count and Last Seen timestamp, which makes sense for a repeated performance rule trigger.

upvoted 0 times

...