Fortinet FCP_FSM_AN-7.2 Exam - Topic 4 Question 4 Discussion

Actual exam question for Fortinet's FCP_FSM_AN-7.2 exam
Question #: 4
Topic #: 4

Refer to the exhibit.

An analyst is troubleshooting the rule shown in the exhibit. It is not generating any incidents, but the filter parameters are generating events on the Analytics tab.

What is wrong with the rule conditions?

Suggested Answer: C

The Group By attributes - Destination IP and User - cause the aggregation (COUNT(Source IP) >= 2) to apply within each unique combination of those groupings. This restricts the count calculation and can prevent the rule from triggering incidents, even if matching events exist in the Analytics tab.


Portia
2 months ago
I think B) is the main problem, but A) could also be a factor.
upvoted 0 times
...
Rosenda
2 months ago
Wait, are we sure D) is too restrictive? That seems odd.
upvoted 0 times
...
Kristian
2 months ago
C) could definitely be restricting the events counted.
upvoted 0 times
...
Jackie
3 months ago
A) seems like the right call, CMDB lookups can mess things up.
upvoted 0 times
...
Aracelis
3 months ago
I disagree, B) is more likely the issue. Fully qualified names are crucial!
upvoted 0 times
...
Leah
3 months ago
I feel like the Aggregate attribute could be too restrictive, but I’m not entirely confident about how that impacts incident generation.
upvoted 0 times
...
Noel
3 months ago
The Group By attributes could definitely be limiting the events counted, but I can't recall if that would stop incidents from being generated.
upvoted 0 times
...
Marylin
4 months ago
I think I saw a similar question where the Destination Host Name had to be fully qualified. That might be relevant here.
upvoted 0 times
...
Silvana
4 months ago
I remember something about the Event Type needing to match the data source, but I'm not sure if it's specifically about CMDB lookups.
upvoted 0 times
...
Anglea
4 months ago
I feel pretty confident the answer is B. The Destination Host Name value not being fully qualified is a common issue that can cause rules to not work as expected. I'd focus on fixing that first.
upvoted 0 times
...
Alonzo
4 months ago
Okay, let me think this through. The Group By attributes and Aggregate attribute could be too restrictive, limiting the events that are counted. I'd double-check those settings to see if that's the problem.
upvoted 0 times
...
Margurite
4 months ago
Hmm, I'm not sure. The event type referring to a CMDB lookup seems like it could be the issue, but the question doesn't give us much context on that. I might need to review the rule in more detail to figure this out.
upvoted 0 times
...
Rodolfo
4 months ago
I'm a bit confused on this one. The question mentions the filter parameters are generating events, so I'm not sure if the issue is with the rule conditions themselves. Maybe it's something else going on?
upvoted 0 times
...
Eladia
5 months ago
I think the answer is B. The Destination Host Name value is not fully qualified, so the rule is not matching the events correctly.
upvoted 0 times
...