ExamGecko

Fortinet NSE5_EDR-5.0 Practice Test - Questions Answers, Page 2

List of questions

Question 11


Which connectors can you use for the FortiEDR automated incident response? (Choose two.)

A. FortiNAC
B. FortiGate
C. FortiSIEM
D. FortiSandbox
Suggested answer: B, C
asked 18/09/2024
Carol Mejía
36 questions

Question 12


What is true about classifications assigned by Fortinet Cloud Service (FCS)?

A. The core is responsible for all classifications if FCS playbooks are disabled
B. The core only assigns a classification if FCS is not available
C. FCS revises the classification of the core based on its database
D. FCS is responsible for all classifications
Suggested answer: C
asked 18/09/2024
Michael Geary
42 questions

Question 13


Refer to the exhibit.

[Exhibit: image for Question 13]

Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)

A. The collector device has Windows firewall enabled
B. The collector has been installed with an incorrect port number
C. The collector has been installed with an incorrect registration password
D. The collector device cannot reach the central manager
Suggested answer: B, D
asked 18/09/2024
Kabi Bashala
37 questions

Question 14


A company requires a global communication policy for a FortiEDR multi-tenant environment.

How can the administrator achieve this?

A. An administrator creates a new communication control policy and shares it with other organizations
B. A local administrator creates a new communication control policy and shares it with other organizations
C. A local administrator creates a new communication control policy and assigns it globally to all organizations
D. An administrator creates a new communication control policy for each organization
Suggested answer: C
asked 18/09/2024
Vagner Nicodemo
35 questions

Question 15


Refer to the exhibit.

[Exhibit: image for Question 15]

Based on the event exception shown in the exhibit, which two statements about the exception are true? (Choose two.)

A. A partial exception is applied to this event
B. FCS playbooks is enabled by Fortinet support
C. The exception is applied only on device C8092231196
D. The system owner can modify the trigger rules parameters
Suggested answer: A, C
asked 18/09/2024
Ehsan Ali
46 questions

Question 16


Which two statements are true about the remediation function in the threat hunting module? (Choose two.)

A. The file is removed from the affected collectors
B. The threat hunting module sends the user a notification to delete the file
C. The file is quarantined
D. The threat hunting module deletes files from collectors that are currently online.
Suggested answer: B, C
asked 18/09/2024
Hicham Jellab
50 questions

Question 17


Exhibit.

[Exhibit: image for Question 17]

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

A. An exception has been created for this event
B. The forensics data is displayed in the stacks view
C. The device has been isolated
D. The exfiltration prevention policy has blocked this event
Suggested answer: C, D
asked 18/09/2024
Nguyen Tan Hung
54 questions

Question 18


The FortiEDR core classified an event as inconclusive, but a few seconds later FCS revised the classification to malicious. What playbook actions are applied to the event?


Question 19


Which threat hunting profile is the most resource intensive?


Question 20


Which two types of remote authentication does the FortiEDR management console support? (Choose two.)

Total 30 questions