Fortinet NSE 5 - FortiEDR 5.0

Here you have the best Fortinet NSE5_EDR-5.0 practice exam questions

  • You have 44 total questions across 9 pages (5 per page)
  • These questions were last updated on March 20, 2026
  • This site is not affiliated with or endorsed by Fortinet.
Question 1 of 44

What is true about classifications assigned by Fortinet Cloud Service (FCS)?

Suggested Answer

The suggested answer is A.

FCS revises the classification of the core based on its database. This statement reflects that Fortinet Cloud Service uses its database to update and refine the classifications. This implies an ongoing process where FCS is integral to ensuring the classifications are current and accurate.

Community Votes (3 votes): A (Suggested) 67%, D 33%
Question 2 of 44

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)
Exam NSE5_EDR-5.0: Question 2 - Image 1

Suggested Answer

The suggested answer is A, B.

The device cannot be remediated because the 'Remediate' button is greyed out, indicating that remediation is not possible in this instance. Additionally, the event was blocked by the execution prevention policy, as indicated by the red block icon in the event graph, signifying that the malicious action was stopped during its execution phase. There is no indication that the device has been isolated nor is there evidence that the event was blocked solely because the certificate is unsigned.

Community Votes (7 votes): AB (Suggested) 100%
Question 3 of 44

Refer to the exhibit.
Exam NSE5_EDR-5.0: Question 3 - Image 1
Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

Suggested Answer

The suggested answer is C, D.

TestApplication.exe is identified as sophisticated malware based on the triggered Exfiltration Prevention rules, which are invoked after execution, indicating it bypassed the initial detection. This means the user was able to launch TestApplication.exe, as the post-execution rules were applied, signifying the program executed on the system.

Community Votes (8 votes): CD (Suggested) 63%, AC 38%
Question 4 of 44

How does FortiEDR implement post-infection protection?

Suggested Answer

The suggested answer is B.

FortiEDR implements post-infection protection by preventing data exfiltration or encryption even after a breach occurs. This means that even if an attacker manages to compromise the system, FortiEDR can stop the attacker from accessing or taking the data out of the organization, thereby limiting the damage.

Community Votes (8 votes): B (Suggested) 100%
Question 5 of 44

Which scripting language is supported by the FortiEDR action manager?

Suggested Answer

The suggested answer is D.

The scripting language supported by the FortiEDR action manager is Python. Python is widely used in automation and scripting tasks, which makes it a suitable choice for such applications.

Community Votes (1 vote): D (Suggested) 100%
