nse5_edr-50 Exam QuestionsBrowse all questions from this exam

nse5_edr-50 Exam - Question 22


Refer to the exhibit.

Based on the event exception shown in the exhibit, which two statements about the exception are true? (Choose two.)

Show Answer
Correct Answer: AB

The exception settings indicate that FortinetCloudServices (FCS) playbooks manage the exception, which suggests that FCS playbooks are enabled by Fortinet support. Additionally, the system owner has the capability to modify the trigger rules parameters, indicating flexibility in managing exceptions. While the exception mentions a specific device, exceptions in FortiEDR generally apply to collector groups rather than individual devices, and the status of covering all raw data items implies a complete exception, not a partial one.

Discussion

7 comments
Sign in to comment
fran484Options: AB
Sep 26, 2023

To me correct answers are A & B. C is not because in FortiEDR you don't apply anything to just one device but a collector group and the image shows the exception is applied to All Groups (unless device C8092231196 is the only device with a collector). D is not because in the image it shows that "All the Raw Data items are covered"

joeytribOptions: AC
Jun 1, 2023

the correct answer are AC

LatrelOptions: AB
Nov 13, 2023

correct answers are A & B C is incorret, like @fran484 answer, exceptions are applied to the collector group and not to a specific device.

TeachTrooperOptions: CD
Jun 20, 2023

CD study guide page 108

soporte127
Jul 9, 2023

why D ?

thinasci01Options: CD
Sep 17, 2023

the correct answer is C and D.

Dani_PrimeOptions: AB
Jun 6, 2024

The correct answers are A and B. I have been able to check B on my FortiEDR console.

kilmar.sandovalOptions: AB
Jul 18, 2024

B [True] - Note that if automatic exceptions are enabled, the system owner must follow up all automated exceptions. fortinet is not liable for any exception created by FCS. [Modify in needed] C [False] - Exceptions can only be defined for Collector Groups. If you would like to define an exception for a specific Collector, then create a Collector Group that only contains that Collector. D [False] - As you see, Exception is not partial. Collector groups [All], Destinations [All], Users[All]