Fortinet NSE5_EDR-5.0 Exam Questions Instant Access

Question 1

Refer to the exhibit.

Based on the threat hunting event details shown in the exhibit, which two statements about the event are true? (Choose two.)

AThe PING EXE process was blocked

BThe user fortinet has executed a ping command

CThe activity event is associated with the file action

DThere are no MITRE details available for this event

Answer : A, D

Question 2

Which two statements are true about the remediation function in the threat hunting module? (Choose two.)

AThe file is removed from the affected collectors

BThe threat hunting module sends the user a notification to delete the file

CThe file is quarantined

DThe threat hunting module deletes files from collectors that are currently online.

Answer : B, C

Question 3

Which security policy has all of its rules disabled by default?

ADevice Control

BRansomware Prevention

CExecution Prevention

DExfiltration Prevention

Answer : B

Question 4

Refer to the exhibit.

Based on the threat hunting query shown in the exhibit which of the following is true?

ARDP connections will be blocked and classified as suspicious

BA security event will be triggered when the device attempts a RDP connection

CThis query is included in other organizations

DThe query will only check for network category

Answer : B

Question 5

Exhibit.

Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)

AThe device is moved to isolation.

BPlaybooks is configured for this event.

CThe event has been blocked

DThe policy is in simulation mode

Answer : B, D

Question 6

What is the benefit of using file hash along with the file name in a threat hunting repository search?

AIt helps to make sure the hash is really a malware

BIt helps to check the malware even if the malware variant uses a different file name

CIt helps to find if some instances of the hash are actually associated with a different file

DIt helps locate a file as threat hunting only allows hash search

Answer : C

Question 7

Which scripting language is supported by the FortiEDR action managed?

ATCL

BPython

CPerl

DBash

Answer : A

Fortinet NSE 5 - FortiEDR 5.0 NSE5_EDR-5.0 Exam Questions