Fortinet NSE5_EDR-5.0 - Fortinet NSE 5 - FortiEDR 5.0 Exam

Question #1 (Topic: Exam A)
What is true about classifications assigned by Fortinet Cloud Service (FCS)?
A. FCS revises the classification of the core based on its database.
B. The core only assigns a classification if FCS is not available.
C. FCS is responsible for all classifications.
D. The core is responsible for all classifications if FCS playbooks are disabled.
Answer: C
Question #2 (Topic: Exam A)
Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)
A. The device cannot be remediated.
B. The execution prevention policy has blocked this event.
C. The event was blocked because the certificate is unsigned.
D. Device C8092231196 has been isolated.
Answer: CD
Question #3 (Topic: Exam A)
Refer to the exhibit.

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)
A. The NGAV policy has blocked TestApplication.exe.
B. FCS classified the event as malicious.
C. TestApplication.exe is sophisticated malware.
D. The user was able to launch TestApplication.exe.
Answer: AB
Question #4 (Topic: Exam A)
How does FortiEDR implement post-infection protection?
A. By insurance against ransomware
B. By preventing data exfiltration or encryption even after a breach occurs
C. By real-time filtering to prevent malware from executing
D. By using methods used by traditional EDR
Answer: B
Question #5 (Topic: Exam A)
Which scripting language is supported by the FortiEDR action manager?
A. TCL
B. Bash
C. Perl
D. Python
Answer: D
Total 44 questions