Page: 1
/ 3
Total 48 questions
What is the purpose of the Threat Hunting feature?
- A. Execute playbooks to isolate affected collectors in the organization
- B. Find and delete all instances of a known malicious file or hash in the organization
- C. Delete any file from any collector in the organization
- D. Identify all instances of a known malicious file or hash and notify affected users
Answer : D
Refer to the exhibit.
Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)
- A. The collector device has windows firewall enabled.
- B. The collector has been installed with an incorrect port number.
- C. The collector has been installed with an incorrect registration password.
- D. The collector device cannot reach the central manager.
Answer : CD
Which two statements about the FortiEDR solution are true? (Choose two.)
- A. It provides point-to-point protection
- B. It provides central management
- C. It provides pre-infection and post-infection protection
- D. It is Windows OS only
Answer : CD
Which two types of remote authentication does the FortiEDR management console support? (Choose two.)
- A. TACACS
- B. LDAP
- C. SAML
- D. Radius
Answer : AD
Refer to the exhibit.
Based on the postman output shown in the exhibit, why is the user getting an unauthorized error?
- A. Postman cannot reach the central manager.
- B. API access is disabled on the central manager.
- C. The user has been assigned Admin and Rest API roles.
- D. FortiEDR requires a password reset the first time a user logs in.
Answer : B
Refer to the exhibit.
Based on the threat hunting event details shown in the exhibit, which two statements about the event are true? (Choose two.)
- A. The activity event is associated with the file action.
- B. The user fortinet has executed a ping command.
- C. The PING.EXE process was blocked.
- D. There are no MITRE details available for this event.
Answer : AC
Refer to the exhibit.
Based on the event exception shown in the exhibit, which two statements about the exception are true? (Choose two.)
- A. FCS playbooks is enabled by Fortinet support.
- B. The system owner can modify the trigger rules parameters.
- C. The exception is applied only on device C8092231196.
- D. A partial exception is applied to this event.
Answer : BC
The FortiEDR core classified an event as inconclusive, but a few seconds later FCS revised the classification to malicious.
What playbook actions are applied to the event?
- A. Playbook actions applied to suspicious events
- B. Playbook actions applied to inconclusive events
- C. Playbook actions applied to handled events
- D. Playbook actions applied to malicious events
Answer : D
FortiXDR relies on which feature as part of its automated extended response?
- A. Security Policies
- B. Forensic
- C. Playbooks
- D. Communication Control
Answer : C
Refer to the exhibits.
The exhibits show application policy logs and application details. Collector C8092231196 is a member of the Finance group.
What must an administrator do to block the FileZilla application?
- A. Deny application in Finance policy
- B. Assign Finance policy to DBA group
- C. Assign Finance policy to Default Collector Group
- D. Assign Simulation Communication Control Policy to DBA group
Answer : A
Which two statements are true about the remediation function in the threat hunting module? (Choose two.)
- A. The threat hunting module deletes files from collectors that are currently online.
- B. The file is quarantined.
- C. The threat hunting module sends the user a notification to delete the file.
- D. The file is removed from the affected collectors.
Answer : BD
An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account.
What role should the administrator assign to this account?
- A. User
- B. Admin
- C. Local Admin
- D. REST API
Answer : C
An administrator finds a third party free software on a user’s computer that does not appear in the application list in the communication control console.
Which two statements are true about this situation? (Choose two.)
- A. The application is allowed in all communication control policies
- B. The application is blocked by the security policies
- C. The application is ignored as the reputation score is acceptable by the security policy
- D. The application has not made any connection attempts
Answer : CD
Refer to the exhibits.
The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using default port.
Based on the netstat command output what must you do to resolve the connectivity issue?
- A. Reinstall collector agent and use port 555
- B. Reinstall collector agent and use port 443
- C. Reinstall collector agent and use port 6514
- D. Reinstall collector agent and use port 8081
Answer : D
Refer to the exhibit.
Based on the threat hunting query shown in the exhibit, which of the following is true?
- A. A security event will be triggered when the device attempts a RDP connection.
- B. This query is included in other organizations.
- C. The query will only check for network category.
- D. RDP connections will be blocked and classified as suspicious.
Answer : D
30 days access 