Fortinet NSE5_EDR-5.0 Exam Practice Test Instant Access

Question 1

Which scripting language is supported by the FortiEDR action managed?

ATCL

BPython

CPerl

DBash

Answer : A

Question 2

Refer to the exhibit.

Based on the threat hunting query shown in the exhibit which of the following is true?

ARDP connections will be blocked and classified as suspicious

BA security event will be triggered when the device attempts a RDP connection

CThis query is included in other organizations

DThe query will only check for network category

Answer : B

Question 3

Exhibit.

Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)

AThe device is moved to isolation.

BPlaybooks is configured for this event.

CThe event has been blocked

DThe policy is in simulation mode

Answer : B, D

Question 4

Refer to the exhibit.

Based on the postman output shown in the exhibit why is the user getting an unauthorized error?

AThe user has been assigned Admin and Rest API roles

BFortiEDR requires a password reset the first time a user logs in

CPostman cannot reach the central manager

DAPI access is disabled on the central manager

Answer : A

Question 5

Which FortiEDR component is required to find malicious files on the entire network of an organization?

AFortiEDR Aggregator

BFortiEDR Central Manager

CFortiEDR Threat Hunting Repository

DFortiEDR Core

Answer : A

Question 6

How does FortiEDR implement post-infection protection?

ABy preventing data exfiltration or encryption even after a breach occurs

BBy using methods used by traditional EDR

CBy insurance against ransomware

DBy real-time filtering to prevent malware from executing

Answer : D

Question 7

Which connectors can you use for the FortiEDR automated incident response? (Choose two.)

AFortiNAC

BFortiGate

CFortiSiem

DFortiSandbox

Answer : B, C

Fortinet NSE 5 - FortiEDR 5.0 NSE5_EDR-5.0 Exam Practice Test