Exam Details

  • Exam Code: NSE5_EDR-5.0
  • Exam Name: Fortinet NSE 5 - FortiEDR 5.0
  • Certification: Fortinet Certification
  • Vendor: Fortinet
  • Total Questions: 41 Q&As
  • Last Updated: May 07, 2024

Fortinet Certification NSE5_EDR-5.0 Questions & Answers

  • Question 1:

    An administrator finds that a newly installed collector does not display on the INVENTORY tab in the central manager.

    What two troubleshooting steps must the administrator perform? (Choose two.)

    A. Export the collector logs from the central manager.

    B. Verify the central manager has connectivity to FCS.

    C. Verify TCP ports 8081 and 555 are open.

    D. Check if the FortiEDR services are running on the collector device.

  • Question 2:

    Which two events can trigger FortiEDR NGAV policy violations? (Choose two.)

    A. When a malicious file attempts to communicate externally

    B. When a malicious file is executed

    C. When a malicious file is read

    D. When a malicious file attempts to access data

  • Question 3:

    A company requires a global exception for a FortiEDR multi-tenant environment.

    How can the administrator achieve this?

    A. The local administrator can create a new exception and share it with other organizations.

    B. A user account can create a new exception and share it with other organizations.

    C. The administrator can create a new exception and assign it globally to all organizations.

    D. The administrator can create a new exception policy for each organization hosted on FortiEDR.

  • Question 4:

    How does the FortiEDR approach compare to the traditional EDR? (Choose two.)

    A. FortiEDR blocks threats in real time, eliminating the response gap

    B. Traditional EDR is faster

    C. There is no difference in response time

    D. FortiEDR requires less staff

  • Question 5:

    Which statement is true about the flow analyzer view in forensics?

    A. It displays a graphic flow diagram.

    B. Two events can be compared side-by-side.

    C. It shows details about processes and sub processes.

    D. The stack memory of a specific device can be retrieved

  • Question 6:

    Refer to the exhibit.

    The exhibit shows an event viewer.

    What is true about the Payroll Manager.exe event?

    A. An event has not been handled by a console admin

    B. An event has been deleted

    C. A rule assigned action is set to block but the policy is in simulation mode

    D. An event has been handled by the communication control policy

  • Question 7:

    Which two types of traffic are allowed while the device is in isolation mode? (Choose two.)

    A. Outgoing SSH connections

    B. HTTP sessions

    C. ICMP sessions

    D. Incoming RDP connections

  • Question 8:

    Which two criteria are requirements of integrating FortiEDR into the Fortinet Security Fabric? (Choose two.)

    A. Core with Core only functionality

    B. A Forensics add-on license

    C. Central Manager connected to FCS

    D. A valid API user with access to connectors

  • Question 9:

    When installing a FortiEDR collector, why is a 'Registration Password' for collectors needed?

    A. To restrict installation and uninstallation of collectors

    B. To verify Fortinet support request

    C. To restrict access to the management console

    D. To verify new group assignment

  • Question 10:

    Which FortiEDR component must have JumpBox functionality to connect with FortiAnalyzer?

    A. Collector

    B. Core

    C. Central manager

    D. Aggregator

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Fortinet exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your NSE5_EDR-5.0 exam preparation and Fortinet certification application, do not hesitate to visit Vcedump.com to find your solutions.