Examice

Exam nse5_edr-50 All QuestionsBrowse all questions from this exam

Go to Exam

Question 22

Refer to the exhibit.

Based on the event exception shown in the exhibit, which two statements about the exception are true? (Choose two.)

FCS playbooks is enabled by Fortinet support.

The system owner can modify the trigger rules parameters.

The exception is applied only on device C8092231196.

A partial exception is applied to this event.

Correct Answer: A, B

The exception settings indicate that FortinetCloudServices (FCS) playbooks manage the exception, which suggests that FCS playbooks are enabled by Fortinet support. Additionally, the system owner has the capability to modify the trigger rules parameters, indicating flexibility in managing exceptions. While the exception mentions a specific device, exceptions in FortiEDR generally apply to collector groups rather than individual devices, and the status of covering all raw data items implies a complete exception, not a partial one.

Discussion

fran484Options: AB

To me correct answers are A & B. C is not because in FortiEDR you don't apply anything to just one device but a collector group and the image shows the exception is applied to All Groups (unless device C8092231196 is the only device with a collector). D is not because in the image it shows that "All the Raw Data items are covered"

LatrelOptions: AB

correct answers are A & B C is incorret, like @fran484 answer, exceptions are applied to the collector group and not to a specific device.

joeytribOptions: AC

the correct answer are AC

kilmar.sandovalOptions: AB

B [True] - Note that if automatic exceptions are enabled, the system owner must follow up all automated exceptions. fortinet is not liable for any exception created by FCS. [Modify in needed] C [False] - Exceptions can only be defined for Collector Groups. If you would like to define an exception for a specific Collector, then create a Collector Group that only contains that Collector. D [False] - As you see, Exception is not partial. Collector groups [All], Destinations [All], Users[All]

Dani_PrimeOptions: AB

The correct answers are A and B. I have been able to check B on my FortiEDR console.

thinasci01Options: CD

the correct answer is C and D.

TeachTrooperOptions: CD

CD study guide page 108

soporte127

why D ?