Fortinet NSE5_EDR-5.0 Exam Questions Instant Access

Question 1

What is the purpose of the Threat Hunting feature?

ADelete any file from any collector in the organization

BFind and delete all instances of a known malicious file or hash in the organization

CIdentify all instances of a known malicious file or hash and notify affected users

DExecute playbooks to isolate affected collectors in the organization

Answer : C

Question 2

Exhibit.

Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)

AThe device is moved to isolation.

BPlaybooks is configured for this event.

CThe event has been blocked

DThe policy is in simulation mode

Answer : B, D

Question 3

Refer to the exhibit.

Based on the threat hunting query shown in the exhibit which of the following is true?

ARDP connections will be blocked and classified as suspicious

BA security event will be triggered when the device attempts a RDP connection

CThis query is included in other organizations

DThe query will only check for network category

Answer : B

Question 4

Exhibit.

Based on the forensics data shown in the exhibit which two statements are true? (Choose two.)

AThe device cannot be remediated

BThe event was blocked because the certificate is unsigned

CDevice C8092231196 has been isolated

DThe execution prevention policy has blocked this event.

Answer : B, C

Question 5

What is the role of a collector in the communication control policy?

AA collector blocks unsafe applications from running

BA collector is used to change the reputation score of any application that collector runs

CA collector records applications that communicate externally

DA collector can quarantine unsafe applications from communicating

Answer : A

Question 6

What is true about classifications assigned by Fortinet Cloud Sen/ice (FCS)?

AThe core is responsible for all classifications if FCS playbooks are disabled

BThe core only assigns a classification if FCS is not available

CFCS revises the classification of the core based on its database

DFCS is responsible for all classifications

Answer : C

Question 7

Which two statements are true about the remediation function in the threat hunting module? (Choose two.)

AThe file is removed from the affected collectors

BThe threat hunting module sends the user a notification to delete the file

CThe file is quarantined

DThe threat hunting module deletes files from collectors that are currently online.

Answer : B, C

Fortinet NSE 5 - FortiEDR 5.0 NSE5_EDR-5.0 Exam Questions