nse5_edr-50

Here you have the best Fortinet nse5_edr-50 practice exam questions

  • You have 44 total questions to study from
  • These questions were last updated on November 15, 2024

Question 1 of 44

What is true about classifications assigned by Fortinet Cloud Service (FCS)?

    Correct Answer: A

    FCS revises the classification of the core based on its database. This statement reflects that Fortinet Cloud Service uses its database to update and refine the classifications. This implies an ongoing process where FCS is integral to ensuring the classifications are current and accurate.

Question 2 of 44

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

    Correct Answer: A, B

    The device cannot be remediated because the 'Remediate' button is greyed out, indicating that remediation is not possible in this instance. Additionally, the event was blocked by the execution prevention policy, as indicated by the red block icon in the event graph, signifying that the malicious action was stopped during its execution phase. There is no indication that the device has been isolated nor is there evidence that the event was blocked solely because the certificate is unsigned.

Question 3 of 44

Refer to the exhibit.

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

    Correct Answer: C, D

    TestApplication.exe is identified as sophisticated malware based on the triggered Exfiltration Prevention rules, which are invoked after execution, indicating it bypassed the initial detection. This means the user was able to launch TestApplication.exe, as the post-execution rules were applied, signifying the program executed on the system.

Question 4 of 44

How does FortiEDR implement post-infection protection?

    Correct Answer: B

    FortiEDR implements post-infection protection by preventing data exfiltration or encryption even after a breach occurs. This means that even if an attacker manages to compromise the system, FortiEDR can stop the attacker from accessing or taking the data out of the organization, thereby limiting the damage.

Question 5 of 44

Which scripting language is supported by the FortiEDR action manager?

    Correct Answer: D

    The scripting language supported by the FortiEDR action manager is Python. Python is widely used in automation and scripting tasks, which makes it a suitable choice for such applications.