ExamGecko
Search Search Login
Home Home / Fortinet / NSE5_EDR-5.0

Fortinet NSE5_EDR-5.0 Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which connectors can you use for the FortiEDR automated incident response? (Choose two.)
Which scripting language is supported by the FortiEDR action managed?
Refer to the exhibits. The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using default port. Based on the netstat command output what must you do to resolve the connectivity issue?
How does FortiEDR implement post-infection protection?
Refer to the exhibit. Based on the postman output shown in the exhibit why is the user getting an unauthorized error?
Which two types of remote authentication does the FortiEDR management console support? (Choose two.)
Refer to the exhibits. The exhibits show application policy logs and application details Collector C8092231196 is a member of the Finance group What must an administrator do to block the FileZilia application?
Which two statements about the FortiEDR solution are true? (Choose two.)
An administrator finds a third party free software on a user's computer mat does not appear in me application list in the communication control console Which two statements are true about this situation? (Choose two)
FortiXDR relies on which feature as part of its automated extended response?

Question 1

Report
Export
Collapse

What is the purpose of the Threat Hunting feature?

A.
Delete any file from any collector in the organization
A.
Delete any file from any collector in the organization
Answers
B.
Find and delete all instances of a known malicious file or hash in the organization
B.
Find and delete all instances of a known malicious file or hash in the organization
Answers
C.
Identify all instances of a known malicious file or hash and notify affected users
C.
Identify all instances of a known malicious file or hash and notify affected users
Answers
D.
Execute playbooks to isolate affected collectors in the organization
D.
Execute playbooks to isolate affected collectors in the organization
Answers
Suggested answer: C

Question 2

Report
Export
Collapse

How does FortiEDR implement post-infection protection?

A.
By preventing data exfiltration or encryption even after a breach occurs
A.
By preventing data exfiltration or encryption even after a breach occurs
Answers
B.
By using methods used by traditional EDR
B.
By using methods used by traditional EDR
Answers
C.
By insurance against ransomware
C.
By insurance against ransomware
Answers
D.
By real-time filtering to prevent malware from executing
D.
By real-time filtering to prevent malware from executing
Answers
Suggested answer: D

Question 3

Report
Export
Collapse

Exhibit.

Based on the forensics data shown in the exhibit which two statements are true? (Choose two.)

A.
The device cannot be remediated
A.
The device cannot be remediated
Answers
B.
The event was blocked because the certificate is unsigned
B.
The event was blocked because the certificate is unsigned
Answers
C.
Device C8092231196 has been isolated
C.
Device C8092231196 has been isolated
Answers
D.
The execution prevention policy has blocked this event.
D.
The execution prevention policy has blocked this event.
Answers
Suggested answer: B, C

Question 4

Report
Export
Collapse

What is the benefit of using file hash along with the file name in a threat hunting repository search?

A.
It helps to make sure the hash is really a malware
A.
It helps to make sure the hash is really a malware
Answers
B.
It helps to check the malware even if the malware variant uses a different file name
B.
It helps to check the malware even if the malware variant uses a different file name
Answers
C.
It helps to find if some instances of the hash are actually associated with a different file
C.
It helps to find if some instances of the hash are actually associated with a different file
Answers
D.
It helps locate a file as threat hunting only allows hash search
D.
It helps locate a file as threat hunting only allows hash search
Answers
Suggested answer: C

Question 5

Report
Export
Collapse

Exhibit.

Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)

A.
The device is moved to isolation.
A.
The device is moved to isolation.
Answers
B.
Playbooks is configured for this event.
B.
Playbooks is configured for this event.
Answers
C.
The event has been blocked
C.
The event has been blocked
Answers
D.
The policy is in simulation mode
D.
The policy is in simulation mode
Answers
Suggested answer: B, D

Question 6

Report
Export
Collapse

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account.

What role should the administrator assign to this account?

A.
Admin
A.
Admin
Answers
B.
User
B.
User
Answers
C.
Local Admin
C.
Local Admin
Answers
D.
REST API
D.
REST API
Answers
Suggested answer: C

Question 7

Report
Export
Collapse

Refer to the exhibit.

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

A.
The NGAV policy has blocked TestApplication exe
A.
The NGAV policy has blocked TestApplication exe
Answers
B.
TestApplication exe is sophisticated malware
B.
TestApplication exe is sophisticated malware
Answers
C.
The user was able to launch TestApplication exe
C.
The user was able to launch TestApplication exe
Answers
D.
FCS classified the event as malicious
D.
FCS classified the event as malicious
Answers
Suggested answer: A, B

Question 8

Report
Export
Collapse

Refer to the exhibits.

The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using default port.

Based on the netstat command output what must you do to resolve the connectivity issue?

A.
Reinstall collector agent and use port 443
A.
Reinstall collector agent and use port 443
Answers
B.
Reinstall collector agent and use port 8081
B.
Reinstall collector agent and use port 8081
Answers
C.
Reinstall collector agent and use port 555
C.
Reinstall collector agent and use port 555
Answers
D.
Reinstall collector agent and use port 6514
D.
Reinstall collector agent and use port 6514
Answers
Suggested answer: B

Question 9

Report
Export
Collapse

Refer to the exhibits.

The exhibits show application policy logs and application details Collector C8092231196 is a member of the Finance group What must an administrator do to block the FileZilia application?

A.
Deny application in Finance policy
A.
Deny application in Finance policy
Answers
B.
Assign Finance policy to DBA group
B.
Assign Finance policy to DBA group
Answers
C.
Assign Finance policy to Default Collector Group
C.
Assign Finance policy to Default Collector Group
Answers
D.
Assign Simulation Communication Control Policy to DBA group
D.
Assign Simulation Communication Control Policy to DBA group
Answers
Suggested answer: D

Question 10

Report
Export
Collapse

Refer to the exhibit.

Based on the threat hunting query shown in the exhibit which of the following is true?

A.
RDP connections will be blocked and classified as suspicious
A.
RDP connections will be blocked and classified as suspicious
Answers
B.
A security event will be triggered when the device attempts a RDP connection
B.
A security event will be triggered when the device attempts a RDP connection
Answers
C.
This query is included in other organizations
C.
This query is included in other organizations
Answers
D.
The query will only check for network category
D.
The query will only check for network category
Answers
Suggested answer: B
Total 30 questions
Go to page: of 3
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms