Exam: NSE5_EDR-5.0
Title: https://www.passcert.com/NSE5_EDR-5.0.html
1. Refer to the exhibit.
Based on the threat hunting query shown in the exhibit, which of the following is true?
A. RDP connections will be blocked and classified as suspicious
B. A security event will be triggered when the device attempts an RDP connection
C. This query is included in other organizations
D. The query will only check for network category
Answer: B

2. What is the purpose of the Threat Hunting feature?
A. Delete any file from any collector in the organization
B. Find and delete all instances of a known malicious file or hash in the organization
C. Identify all instances of a known malicious file or hash and notify affected users
D. Execute playbooks to isolate affected collectors in the organization
Answer: C

3. Refer to the exhibit.
Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)
A. The collector device has Windows firewall enabled
B. The collector has been installed with an incorrect port number
C. The collector has been installed with an incorrect registration password
D. The collector device cannot reach the central manager
Answer: B, D

4. Exhibit.
Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)
A. The device cannot be remediated
B. The event was blocked because the certificate is unsigned
C. Device C8092231196 has been isolated
D. The execution prevention policy has blocked this event
Answer: B, C

5. Exhibit.
Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)
A. An exception has been created for this event
B. The forensics data is displayed in the stacks view
C. The device has been isolated
D. The exfiltration prevention policy has blocked this event
Answer: C, D

6. What is true about classifications assigned by Fortinet Cloud Service (FCS)?
A. The core is responsible for all classifications if FCS playbooks are disabled
B. The core only assigns a classification if FCS is not available
C. FCS revises the classification of the core based on its database
D. FCS is responsible for all classifications
Answer: C