What is true about classifications assigned by Fortinet Cloud Service (FCS)?
A. The core is responsible for all classifications if FCS playbooks are disabled
B. The core only assigns a classification if FCS is not available
C. FCS revises the classification of the core based on its database
D. FCS is responsible for all classifications
Exhibit.
Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)
A. An exception has been created for this event
B. The forensics data is displayed in the stacks view
C. The device has been isolated
D. The exfiltration prevention policy has blocked this event
Refer to the exhibit.
Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)
A. The collector device has Windows Firewall enabled
B. The collector has been installed with an incorrect port number
C. The collector has been installed with an incorrect registration password
D. The collector device cannot reach the central manager
Which two statements about the FortiEDR solution are true? (Choose two.)
A. It provides pre-infection and post-infection protection
B. It is Windows OS only
C. It provides central management
D. It provides point-to-point protection
What is the benefit of using file hash along with the file name in a threat hunting repository search?
A. It helps to make sure the hash is really a malware
B. It helps to check the malware even if the malware variant uses a different file name
C. It helps to find if some instances of the hash are actually associated with a different file
D. It helps locate a file as threat hunting only allows hash search
The FortiEDR core classified an event as inconclusive, but a few seconds later FCS revised the classification to malicious.
What playbook actions are applied to the event?
A. Playbook actions applied to inconclusive events
B. Playbook actions applied to handled events
C. Playbook actions applied to suspicious events
D. Playbook actions applied to malicious events
FortiXDR relies on which feature as part of its automated extended response?
A. Playbooks
B. Security Policies
C. Forensic
D. Communication Control
Which FortiEDR component must have JumpBox functionality to connect with FortiAnalyzer?
A. Collector
B. Core
C. Central manager
D. Aggregator
Which two types of traffic are allowed while the device is in isolation mode? (Choose two.)
A. Outgoing SSH connections
B. HTTP sessions
C. ICMP sessions
D. Incoming RDP connections
Which two events can trigger FortiEDR NGAV policy violations? (Choose two.)
A. When a malicious file attempts to communicate externally
B. When a malicious file is executed
C. When a malicious file is read
D. When a malicious file attempts to access data