Fortinet NSE5_EDR-5.0 Practice Test - Questions Answers, Page 2

Which connectors can you use for the FortiEDR automated incident response? (Choose two.)

A. FortiNAC
B. FortiGate
C. FortiSIEM
D. FortiSandbox

Suggested answer: B, C

What is true about classifications assigned by Fortinet Cloud Service (FCS)?

A. The core is responsible for all classifications if FCS playbooks are disabled
B. The core only assigns a classification if FCS is not available
C. FCS revises the classification of the core based on its database
D. FCS is responsible for all classifications

Suggested answer: C

Refer to the exhibit.

Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)

A. The collector device has Windows Firewall enabled
B. The collector has been installed with an incorrect port number
C. The collector has been installed with an incorrect registration password
D. The collector device cannot reach the central manager

Suggested answer: B, D
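A practical way to separate the answer options above (wrong port, no route, host firewall, bad registration password) on a real collector host is to test the network path from the collector itself. The script below is an added example, not code from the exam page or from Fortinet; it assumes the collector registers with its aggregator over a single TCP port, that the default port is 8081 (an assumption; check your deployment guide), and takes the aggregator address and port as parameters:

```powershell
# Added example (not from the exam page or Fortinet). Run on the Windows
# collector host to check whether the aggregator is reachable on the port the
# collector was installed with. A DNS or TCP failure points at a wrong address,
# wrong port, host firewall or routing problem; a clean TCP connect with the
# collector still disconnected points at the registration password instead.
# ASSUMPTION: default collector-to-aggregator port is 8081; verify for your site.
param(
    [Parameter(Mandatory = $true)][string]$Aggregator,   # aggregator FQDN or IP
    [int]$Port = 8081,                                   # port entered at collector install (assumed default)
    [int]$TimeoutMs = 3000
)

function Test-CollectorPath {
    param([string]$Target, [int]$TcpPort, [int]$Timeout)

    $result = [ordered]@{ Target = $Target; Port = $TcpPort; Dns = $false; Tcp = $false; Reason = '' }

    # 1. Name resolution: a typo in the aggregator address fails here.
    try {
        $null = [System.Net.Dns]::GetHostAddresses($Target)
        $result.Dns = $true
    } catch {
        $result.Reason = "DNS resolution failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # 2. TCP handshake with a bounded timeout (Test-NetConnection can block for a long time).
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $TcpPort, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($Timeout, $false)) {
            # Silently dropped SYN: typically a firewall, a wrong port, or no route.
            $result.Reason = "No response within $Timeout ms (host firewall, wrong port, or no route)"
        } else {
            $client.EndConnect($async)   # throws on RST (port closed) or other connect errors
            $result.Tcp = $true
            $result.Reason = 'TCP connect succeeded; if the collector still reports disconnected, check the registration password'
        }
    } catch {
        $result.Reason = "TCP connect failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    return [pscustomobject]$result
}

# 3. Local Windows Firewall profile state, since one answer option asks about it.
function Get-FirewallSummary {
    Get-NetFirewallProfile | Select-Object Name, Enabled
}

Test-CollectorPath -Target $Aggregator -TcpPort $Port -Timeout $TimeoutMs | Format-List
Get-FirewallSummary | Format-Table -AutoSize
```

Run it as `.\Test-CollectorPath.ps1 -Aggregator aggregator.example.local -Port 8081` from an elevated PowerShell session on the collector; `Get-NetFirewallProfile` requires the NetSecurity module that ships with Windows 8 / Server 2012 and later.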

A company requires a global communication policy for a FortiEDR multi-tenant environment.

How can the administrator achieve this?

A. An administrator creates a new communication control policy and shares it with other organizations
B. A local administrator creates a new communication control policy and shares it with other organizations
C. A local administrator creates a new communication control policy and assigns it globally to all organizations
D. An administrator creates a new communication control policy for each organization

Suggested answer: C

Refer to the exhibit.

Based on the event exception shown in the exhibit, which two statements about the exception are true? (Choose two.)

A. A partial exception is applied to this event
B. FCS playbooks are enabled by Fortinet support
C. The exception is applied only on device C8092231196
D. The system owner can modify the trigger rule parameters

Suggested answer: A, C

Which two statements are true about the remediation function in the threat hunting module? (Choose two.)

A. The file is removed from the affected collectors
B. The threat hunting module sends the user a notification to delete the file
C. The file is quarantined
D. The threat hunting module deletes files from collectors that are currently online

Suggested answer: B, C

Refer to the exhibit.

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

A. An exception has been created for this event
B. The forensics data is displayed in the stacks view
C. The device has been isolated
D. The exfiltration prevention policy has blocked this event

Suggested answer: C, D

The FortiEDR core classified an event as inconclusive, but a few seconds later FCS revised the classification to malicious. What playbook actions are applied to the event?

A. Playbook actions applied to inconclusive events
B. Playbook actions applied to handled events
C. Playbook actions applied to suspicious events
D. Playbook actions applied to malicious events

Suggested answer: D

Which threat hunting profile is the most resource intensive?

A. Comprehensive
B. Inventory
C. Default
D. Standard Collection

Suggested answer: A

Which two types of remote authentication does the FortiEDR management console support? (Choose two.)

A. RADIUS
B. SAML
C. TACACS
D. LDAP

Suggested answer: A, D
Total 30 questions