Which three steps does FortiXDR perform to find and prevent cyberattacks? (Choose three.)
A. Extended analysis
B. Extended detection
C. Extended discovery
D. Extended investigation
E. Extended response
An administrator finds third-party free software on a user's computer that does not appear in the application list in the communication control console.
Which two statements are true about this situation? (Choose two)
A. The application is allowed in all communication control policies
B. The application is ignored as the reputation score is acceptable by the security policy
C. The application has not made any connection attempts
D. The application is blocked by the security policies
Exhibit.
Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)
A. The device is moved to isolation.
B. Playbooks is configured for this event.
C. The event has been blocked
D. The policy is in simulation mode
Which FortiEDR component is required to find malicious files on the entire network of an organization?
A. FortiEDR Aggregator
B. FortiEDR Central Manager
C. FortiEDR Threat Hunting Repository
D. FortiEDR Core
Which threat hunting profile is the most resource intensive?
A. Comprehensive
B. Inventory
C. Default
D. Standard Collection
What is the role of a collector in the communication control policy?
A. A collector blocks unsafe applications from running
B. A collector is used to change the reputation score of any application that collector runs
C. A collector records applications that communicate externally
D. A collector can quarantine unsafe applications from communicating
A company requires a global communication policy for a FortiEDR multi-tenant environment.
How can the administrator achieve this?
A. An administrator creates a new communication control policy and shares it with other organizations
B. A local administrator creates a new communication control policy and shares it with other organizations
C. A local administrator creates a new communication control policy and assigns it globally to all organizations
D. An administrator creates a new communication control policy for each organization
Exhibit.
Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)
A. An exception has been created for this event
B. The forensics data is displayed in the stacks view
C. The device has been isolated
D. The exfiltration prevention policy has blocked this event
A FortiEDR security event is causing a performance issue with a third-party application. What must you do first about the event?
A. Contact Fortinet support
B. Terminate the process and uninstall the third-party application
C. Immediately create an exception
D. Investigate the event to verify whether or not the application is safe
Refer to the exhibit.
Based on the threat hunting event details shown in the exhibit, which two statements about the event are true? (Choose two.)
A. The PING EXE process was blocked
B. The user fortinet has executed a ping command
C. The activity event is associated with the file action
D. There are no MITRE details available for this event
Certification exams are becoming more important, and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? On Vcedump.com, you will find all the answers. Vcedump.com provides not only Fortinet exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your NSE5_EDR-5.0 exam preparation or your Fortinet certification application, visit Vcedump.com to find your solutions.