Fortinet NSE5_EDR-5.0 Exam Practice Test Instant Access

Question 1

Refer to the exhibits.

The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using default port.

Based on the netstat command output what must you do to resolve the connectivity issue?

AReinstall collector agent and use port 443

BReinstall collector agent and use port 8081

CReinstall collector agent and use port 555

DReinstall collector agent and use port 6514

Answer : B

Question 2

What is the role of a collector in the communication control policy?

AA collector blocks unsafe applications from running

BA collector is used to change the reputation score of any application that collector runs

CA collector records applications that communicate externally

DA collector can quarantine unsafe applications from communicating

Answer : A

Question 3

Refer to the exhibit.

Based on the postman output shown in the exhibit why is the user getting an unauthorized error?

AThe user has been assigned Admin and Rest API roles

BFortiEDR requires a password reset the first time a user logs in

CPostman cannot reach the central manager

DAPI access is disabled on the central manager

Answer : A

Question 4

Exhibit.

Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)

AThe device is moved to isolation.

BPlaybooks is configured for this event.

CThe event has been blocked

DThe policy is in simulation mode

Answer : B, D

Question 5

Exhibit.

Based on the forensics data shown in the exhibit which two statements are true? (Choose two.)

AThe device cannot be remediated

BThe event was blocked because the certificate is unsigned

CDevice C8092231196 has been isolated

DThe execution prevention policy has blocked this event.

Answer : B, C

Question 6

Exhibit.

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

AAn exception has been created for this event

BThe forensics data is displayed m the stacks view

CThe device has been isolated

DThe exfiltration prevention policy has blocked this event

Answer : C, D

Question 7

Which security policy has all of its rules disabled by default?

ADevice Control

BRansomware Prevention

CExecution Prevention

DExfiltration Prevention

Answer : B

Fortinet NSE5_EDR-5.0 Fortinet NSE 5 - FortiEDR 5.0 Exam Practice Test