Download Fortinet.NSE5_EDR-5.0.VCEplus.2024-08-29.25q.tqb

Download Exam

File Info

Exam Fortinet NSE 5 - FortiEDR 5.0
Number NSE5_EDR-5.0
File Name Fortinet.NSE5_EDR-5.0.VCEplus.2024-08-29.25q.tqb
Size 2 MB
Posted Aug 29, 2024
Download Fortinet.NSE5_EDR-5.0.VCEplus.2024-08-29.25q.tqb

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%



Exam Hub discount


Demo Questions

Question 1

What is true about classifications assigned by Fortinet Cloud Sen/ice (FCS)?


  1. The core is responsible for all classifications if FCS playbooks are disabled
  2. The core only assigns a classification if FCS is not available
  3. FCS revises the classification of the core based on its database
  4. FCS is responsible for all classifications
Correct answer: C



Question 2

Refer to the exhibit.
 
Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)


  1. The collector device has windows firewall enabled
  2. The collector has been installed with an incorrect port number
  3. The collector has been installed with an incorrect registration password
  4. The collector device cannot reach the central manager
Correct answer: BD



Question 3

A company requires a global communication policy for a FortiEDR multi-tenant environment.
How can the administrator achieve this?


  1. An administrator creates a new communication control policy and shares it with other organizations
  2. A local administrator creates new a communication control policy and shares it with other organizations
  3. A local administrator creates a new communication control policy and assigns it globally to all organizations
  4. An administrator creates a new communication control policy for each organization
Correct answer: C



Question 4

Refer to the exhibit.
 
Based on the event exception shown in the exhibit which two statements about the exception are true? (Choose two)


  1. A partial exception is applied to this event
  2. FCS playbooks is enabled by Fortinet support
  3. The exception is applied only on device C8092231196
  4. The system owner can modify the trigger rules parameters
Correct answer: AC



Question 5

Which two statements are true about the remediation function in the threat hunting module?
(Choose two.)


  1. The file is removed from the affected collectors
  2. The threat hunting module sends the user a notification to delete the file
  3. The file is quarantined
  4. The threat hunting module deletes files from collectors that are currently online.
Correct answer: BC



Question 6

Exhibit.
 
Based on the forensics data shown in the exhibit which two statements are true? (Choose two.)


  1. The device cannot be remediated
  2. The event was blocked because the certificate is unsigned
  3. Device C8092231196 has been isolated
  4. The execution prevention policy has blocked this event.
Correct answer: BC



Question 7

What is the benefit of using file hash along with the file name in a threat hunting repository search?


  1. It helps to make sure the hash is really a malware
  2. It helps to check the malware even if the malware variant uses a different file name
  3. It helps to find if some instances of the hash are actually associated with a different file
  4. It helps locate a file as threat hunting only allows hash search
Correct answer: C



Question 8

Exhibit.
 
Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)


  1. The device is moved to isolation.
  2. Playbooks is configured for this event.
  3. The event has been blocked
  4. The policy is in simulation mode
Correct answer: BD



Question 9

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account.
What role should the administrator assign to this account?


  1. Admin
  2. User
  3. Local Admin
  4. REST API
Correct answer: C



Question 10

Refer to the exhibit.
 
Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)


  1. The NGAV policy has blocked TestApplication exe
  2. TestApplication exe is sophisticated malware
  3. The user was able to launch TestApplication exe
  4. FCS classified the event as malicious
Correct answer: AB









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files