ExamGecko

Fortinet NSE5_EDR-5.0 Practice Test - Questions Answers

List of questions

Question 1

What is the purpose of the Threat Hunting feature?

A. Delete any file from any collector in the organization
B. Find and delete all instances of a known malicious file or hash in the organization
C. Identify all instances of a known malicious file or hash and notify affected users
D. Execute playbooks to isolate affected collectors in the organization
Suggested answer: C
asked 18/09/2024
Peter Klaffehn
45 questions

Question 2

How does FortiEDR implement post-infection protection?

A. By preventing data exfiltration or encryption even after a breach occurs
B. By using methods used by traditional EDR
C. By insurance against ransomware
D. By real-time filtering to prevent malware from executing
Suggested answer: D
asked 18/09/2024
Jim McKay
34 questions

Question 3

Exhibit.

[Exhibit image for Question 3]

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

A. The device cannot be remediated
B. The event was blocked because the certificate is unsigned
C. Device C8092231196 has been isolated
D. The execution prevention policy has blocked this event.
Suggested answer: B, C
asked 18/09/2024
Justin Kim
38 questions

Question 4

What is the benefit of using a file hash along with the file name in a threat hunting repository search?

A. It helps to make sure the hash is really a malware
B. It helps to check the malware even if the malware variant uses a different file name
C. It helps to find if some instances of the hash are actually associated with a different file
D. It helps locate a file as threat hunting only allows hash search
Suggested answer: C
asked 18/09/2024
Haithem Hadef
31 questions

Question 5

Exhibit.

[Exhibit image for Question 5]

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

A. The device is moved to isolation.
B. Playbooks is configured for this event.
C. The event has been blocked
D. The policy is in simulation mode
Suggested answer: B, D
asked 18/09/2024
Peter Unterasinger
42 questions

Question 6

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account.

What role should the administrator assign to this account?

A. Admin
B. User
C. Local Admin
D. REST API
Suggested answer: C
asked 18/09/2024
Van Raoul Datuin
32 questions

Question 7

Refer to the exhibit.

[Exhibit image for Question 7]

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

A. The NGAV policy has blocked TestApplication.exe
B. TestApplication.exe is sophisticated malware
C. The user was able to launch TestApplication.exe
D. FCS classified the event as malicious
Suggested answer: A, B
asked 18/09/2024
Gift Thanyane
33 questions

Question 8

Refer to the exhibits.

[Two exhibit images for Question 8]

The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using the default port.

Based on the netstat command output, what must you do to resolve the connectivity issue?

A. Reinstall collector agent and use port 443
B. Reinstall collector agent and use port 8081
C. Reinstall collector agent and use port 555
D. Reinstall collector agent and use port 6514
Suggested answer: B
asked 18/09/2024
Marcos Losa Torviso
53 questions

Question 9

Refer to the exhibits.

[Two exhibit images for Question 9]

The exhibits show application policy logs and application details. Collector C8092231196 is a member of the Finance group. What must an administrator do to block the FileZilla application?

A. Deny application in Finance policy
B. Assign Finance policy to DBA group
C. Assign Finance policy to Default Collector Group
D. Assign Simulation Communication Control Policy to DBA group
Suggested answer: D
asked 18/09/2024
Higher System Consultancy
41 questions

Question 10

Refer to the exhibit.

[Exhibit image for Question 10]

Based on the threat hunting query shown in the exhibit, which of the following is true?

A. RDP connections will be blocked and classified as suspicious
B. A security event will be triggered when the device attempts an RDP connection
C. This query is included in other organizations
D. The query will only check for network category
Suggested answer: B
asked 18/09/2024
Robert Smith
36 questions
Total 30 questions