
Fortinet NSE5_EDR-5.0 Practice Test - Questions Answers, Page 3


FortiXDR relies on which feature as part of its automated extended response?

A. Playbooks
B. Security Policies
C. Forensic
D. Communication Control

Suggested answer: B

Refer to the exhibit.

Based on the Postman output shown in the exhibit, why is the user getting an unauthorized error?

A. The user has been assigned Admin and Rest API roles
B. FortiEDR requires a password reset the first time a user logs in
C. Postman cannot reach the central manager
D. API access is disabled on the central manager

Suggested answer: A

What is the role of a collector in the communication control policy?

A. A collector blocks unsafe applications from running
B. A collector is used to change the reputation score of any application that collector runs
C. A collector records applications that communicate externally
D. A collector can quarantine unsafe applications from communicating

Suggested answer: A

Refer to the exhibit.

Based on the threat hunting event details shown in the exhibit, which two statements about the event are true? (Choose two.)

A. The PING.EXE process was blocked
B. The user fortinet has executed a ping command
C. The activity event is associated with the file action
D. There are no MITRE details available for this event

Suggested answer: A, D

An administrator finds a third-party free software application on a user's computer that does not appear in the application list in the communication control console. Which two statements are true about this situation? (Choose two.)

A. The application is allowed in all communication control policies
B. The application is ignored as the reputation score is acceptable by the security policy
C. The application has not made any connection attempts
D. The application is blocked by the security policies

Suggested answer: A, D

A FortiEDR security event is causing a performance issue with a third-party application. What must you do first about the event?

A. Contact Fortinet support
B. Terminate the process and uninstall the third-party application
C. Immediately create an exception
D. Investigate the event to verify whether or not the application is safe

Suggested answer: C

Which scripting language is supported by the FortiEDR action managed?

A. TCL
B. Python
C. Perl
D. Bash

Suggested answer: A

Which FortiEDR component is required to find malicious files on the entire network of an organization?

A. FortiEDR Aggregator
B. FortiEDR Central Manager
C. FortiEDR Threat Hunting Repository
D. FortiEDR Core

Suggested answer: A

Which security policy has all of its rules disabled by default?

A. Device Control
B. Ransomware Prevention
C. Execution Prevention
D. Exfiltration Prevention

Suggested answer: B

Which two statements about the FortiEDR solution are true? (Choose two.)

A. It provides pre-infection and post-infection protection
B. It is Windows OS only
C. It provides central management
D. It provides point-to-point protection

Suggested answer: A, D

Total 30 questions