Download Fortinet NSE 5 -FortiEDR 5-0.VCEPlus.NSE5_EDR-5.0.2022-11-15.1e.30q.vcex

Download Exam

File Info

Exam Fortinet NSE 5 - FortiEDR 5.0
Number NSE5_EDR-5.0
File Name Fortinet NSE 5 -FortiEDR 5-0.VCEPlus.NSE5_EDR-5.0.2022-11-15.1e.30q.vcex
Size 1.87 Mb
Posted November 15, 2022
Downloads 1
Download Fortinet NSE 5 -FortiEDR 5-0.VCEPlus.NSE5_EDR-5.0.2022-11-15.1e.30q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Purchase

Coupon: MASTEREXAM
With discount: 20%



 
 



Demo Questions

Question 1

What is the purpose of the Threat Hunting feature?

  • A: Delete any file from any collector in the organization
  • B: Find and delete all instances of a known malicious file or hash in the organization
  • C: Identify all instances of a known malicious file or hash and notify affected users
  • D: Execute playbooks to isolate affected collectors in the organization

Correct Answer: C




Question 2

How does FortiEDR implement post-infection protection?

  • A: By preventing data exfiltration or encryption even after a breach occurs
  • B: By using methods used by traditional EDR
  • C: By insurance against ransomware
  • D: By real-time filtering to prevent malware from executing

Correct Answer: D




Question 3

Exhibit.

   

Based on the forensics data shown in the exhibit which two statements are true? (Choose two.)

  • A: The device cannot be remediated
  • B: The event was blocked because the certificate is unsigned
  • C: Device C8092231196 has been isolated
  • D: The execution prevention policy has blocked this event.

Correct Answer: BC




Question 4

What is the benefit of using file hash along with the file name in a threat hunting repository search?

  • A: It helps to make sure the hash is really a malware
  • B: It helps to check the malware even if the malware variant uses a different file name
  • C: It helps to find if some instances of the hash are actually associated with a different file
  • D: It helps locate a file as threat hunting only allows hash search

Correct Answer: C




Question 5

Exhibit.

   

Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)

  • A: The device is moved to isolation.
  • B: Playbooks is configured for this event.
  • C: The event has been blocked
  • D: The policy is in simulation mode

Correct Answer: BD




Question 6

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account.
What role should the administrator assign to this account?

  • A: Admin
  • B: User
  • C: Local Admin
  • D: REST API

Correct Answer: C




Question 7

Refer to the exhibit.

   

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

  • A: The NGAV policy has blocked TestApplication exewww.VCEplus.io
  • B: TestApplication exe is sophisticated malware
  • C: The user was able to launch TestApplication exe
  • D: FCS classified the event as malicious

Correct Answer: AB




Question 8

Refer to the exhibits.

   

   

The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using default port.
Based on the netstat command output what must you do to resolve the connectivity issue?

  • A: Reinstall collector agent and use port 443
  • B: Reinstall collector agent and use port 8081
  • C: Reinstall collector agent and use port 555
  • D: Reinstall collector agent and use port 6514

Correct Answer: B




Question 9

Refer to the exhibits.

   

   

The exhibits show application policy logs and application details Collector C8092231196 is a member of the Finance group What must an administrator do to block the FileZilia application?

  • A: Deny application in Finance policy
  • B: Assign Finance policy to DBA group
  • C: Assign Finance policy to Default Collector Groupwww.VCEplus.io
  • D: Assign Simulation Communication Control Policy to DBA group

Correct Answer: D




Question 10

Refer to the exhibit.

   

Based on the threat hunting query shown in the exhibit which of the following is true?

  • A: RDP connections will be blocked and classified as suspicious
  • B: A security event will be triggered when the device attempts a RDP connectionwww.VCEplus.io
  • C: This query is included in other organizations
  • D: The query will only check for network category

Correct Answer: B










CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!



HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files