Which two investigation issues require a full memory dump of the FortiEDR collector? (Choose two.)
When investigating issues on the FortiEDR collector, a full memory dump is required for both system hang and system crash issues. A system hang issue necessitates capturing the full memory to analyze the state of the system when it becomes unresponsive. Similarly, a system crash issue, such as a blue screen of death, requires a full memory dump to understand the cause of the crash by examining the memory contents at the time of the failure.
A & C - Study Guide - pg. 250
The correct answer is A and C. Study guide page 250.
The correct answer is A and C.
Option A and C: "For a *system hang*, create a manual crash dump, then gather a full memory dump while the system is hanging. For a *system crash*, or blue screen of death (BSoD), verify that the BSoD occurred, then gather a full memory dump while the system is hanging."