Refer to the exhibit.

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)
TestApplication.exe is identified as sophisticated malware based on the triggered Exfiltration Prevention rules, which are invoked after execution, indicating it bypassed the initial detection. This means the user was able to launch TestApplication.exe, as the post-execution rules were applied, signifying the program executed on the system.
A. False. NGAV is execution prevention. https://docs.fortinet.com/document/fortiedr/5.2.1/administration-guide/354083/introducing-fortiedr
B. False. It should say "by FortinetCloudServices".
C. True. Mostly because A & B are false.
D. True. Exfiltration happens after execution.
Answers are C & D, exact explanation.
A. TRUE. NGAV is execution prevention. "This blocks the execution of files that are identified as malicious or suspected to be malicious." I found this in the link: https://docs.fortinet.com/document/fortiedr/5.2.1/administration-guide/354083/introducing-fortiedr
B. False. It should say "by FortinetCloudServices".
C. True.
D. FALSE. The NGAV will block it.
B. Its history says "by Fortinet".
The correct answer is C and D. A similar scenario is available in the FortiEDR Lab Guide, page 38: "Stop and think! Why wasn't the process caught by the Execution Prevention policy like you saw earlier? Because, in some cases, with brand new or very sophisticated malware, NGAV cannot detect the attack. This is when the post-infection prevention policies really shine. An unrecognized malicious program may occasionally be allowed to launch, but FortiEDR will stop it before it is able to cause harm."
Correct answer: A & C.
A = false, because NGAV is execution prevention. B = false, because it is not "by FortinetCloudServices".
The file was executed. As you can see in the screenshot, the Exfiltration Policy was invoked, and this policy is invoked in the post-infection phase of the EDR protection method. So if it is in the post-infection phase, then NGAV was not capable of blocking the execution of the file.
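The two-stage behaviour that the Lab Guide quote and the comment above describe (pre-execution NGAV check first, post-execution policies such as Exfiltration Prevention afterwards) sketched as an added Python example. This is not FortiEDR's engine and not any poster's code; the event records, classifications and rule names are constructed for illustration. The point it makes concrete is the one argued in the thread: a verdict from a post-execution policy can only exist for a process that was already allowed to launch.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Event:
    process: str
    stage: str            # "pre-exec" (about to launch) or "post-exec" (already running)
    classification: str   # reputation at that moment: "malicious", "suspicious", "unknown", "safe"
    action: Optional[str] = None  # post-exec behaviour, e.g. "outbound-connection"


@dataclass
class Verdict:
    process: str
    policy: str
    rule: str
    blocked: bool
    executed: bool   # True when the policy fired against a process that was already running


def execution_prevention(ev: Event) -> Optional[Verdict]:
    """Pre-execution (NGAV-style) check: blocks only what is already known or suspected bad."""
    if ev.classification in ("malicious", "suspicious"):
        return Verdict(ev.process, "Execution Prevention",
                       "Block malicious/suspicious file (constructed rule name)",
                       blocked=True, executed=False)
    return None  # unknown or safe: the launch is allowed


def exfiltration_prevention(ev: Event) -> Optional[Verdict]:
    """Post-execution check: stops harmful behaviour of a process that was allowed to run."""
    if ev.action == "outbound-connection" and ev.classification != "safe":
        return Verdict(ev.process, "Exfiltration Prevention",
                       "Block connection from unconfirmed executable (constructed rule name)",
                       blocked=True, executed=True)
    return None


def evaluate(events: List[Event]) -> List[Verdict]:
    """Run events through both stages in order and collect every policy verdict."""
    verdicts: List[Verdict] = []
    launched: Set[str] = set()
    for ev in events:
        if ev.stage == "pre-exec":
            v = execution_prevention(ev)
            if v is None:
                launched.add(ev.process)   # NGAV let it run; behavioural policies take over
            else:
                verdicts.append(v)
        elif ev.stage == "post-exec":
            if ev.process not in launched:
                continue                   # blocked pre-execution: no running process to watch
            v = exfiltration_prevention(ev)
            if v is not None:
                verdicts.append(v)
    return verdicts


SAMPLE_EVENTS = [  # constructed sample telemetry, not real FortiEDR events
    Event("KnownBad.exe", "pre-exec", "malicious"),
    Event("TestApplication.exe", "pre-exec", "unknown"),       # brand-new binary, no verdict yet
    Event("notepad.exe", "pre-exec", "safe"),
    Event("KnownBad.exe", "post-exec", "malicious", "outbound-connection"),
    Event("TestApplication.exe", "post-exec", "suspicious", "outbound-connection"),  # reclassified after launch
    Event("notepad.exe", "post-exec", "safe", "outbound-connection"),
]


def first_firing_policy(process: str, events: List[Event] = SAMPLE_EVENTS) -> Optional[str]:
    """Name of the policy that first dealt with a process, or None if nothing fired."""
    for v in evaluate(events):
        if v.process == process:
            return v.policy
    return None


if __name__ == "__main__":
    for v in evaluate(SAMPLE_EVENTS):
        print(f"{v.process:22} {v.policy:24} executed={v.executed} blocked={v.blocked}")
```

In the constructed run, KnownBad.exe never reaches the post-execution stage, while TestApplication.exe is allowed to launch (unknown at that time) and is only stopped by Exfiltration Prevention once it tries to connect out, which is exactly why its verdict carries executed=True.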
C & D is the right answer!
The correct answer is C and D.