
Fortinet NSE5_EDR-5.0 Practice Test - Questions Answers

List of questions

Question 1

What is the purpose of the Threat Hunting feature?

A. Delete any file from any collector in the organization
B. Find and delete all instances of a known malicious file or hash in the organization
C. Identify all instances of a known malicious file or hash and notify affected users
D. Execute playbooks to isolate affected collectors in the organization
Suggested answer: C
asked 18/09/2024
Peter Klaffehn
45 questions

Question 2

How does FortiEDR implement post-infection protection?

A. By preventing data exfiltration or encryption even after a breach occurs
B. By using methods used by traditional EDR
C. By insurance against ransomware
D. By real-time filtering to prevent malware from executing
Suggested answer: D
asked 18/09/2024
Jim McKay
41 questions

Question 3

Exhibit.

[Exhibit image for Question 3 not reproduced]

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

A. The device cannot be remediated
B. The event was blocked because the certificate is unsigned
C. Device C8092231196 has been isolated
D. The execution prevention policy has blocked this event.
Suggested answer: B, C
asked 18/09/2024
Justin Kim
41 questions

Question 4

What is the benefit of using file hash along with the file name in a threat hunting repository search?

A. It helps to make sure the hash is really a malware
B. It helps to check the malware even if the malware variant uses a different file name
C. It helps to find if some instances of the hash are actually associated with a different file
D. It helps locate a file as threat hunting only allows hash search
Suggested answer: C
asked 18/09/2024
Haithem Hadef
37 questions

Question 5

Exhibit.

[Exhibit image for Question 5 not reproduced]

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

A. The device is moved to isolation.
B. Playbooks is configured for this event.
C. The event has been blocked
D. The policy is in simulation mode
Suggested answer: B, D
asked 18/09/2024
Peter Unterasinger
46 questions

Question 6

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account.

What role should the administrator assign to this account?

Question 7

Refer to the exhibit.

[Exhibit image for Question 7 not reproduced]

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

Question 8

Refer to the exhibits.

[Exhibit images for Question 8 not reproduced]

The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using the default port.

Based on the netstat command output, what must you do to resolve the connectivity issue?

Question 9

Refer to the exhibits.

[Exhibit images for Question 9 not reproduced]

The exhibits show application policy logs and application details. Collector C8092231196 is a member of the Finance group. What must an administrator do to block the FileZilla application?

Question 10

Refer to the exhibit.

[Exhibit image for Question 10 not reproduced]

Based on the threat hunting query shown in the exhibit, which of the following is true?

Total 30 questions