Which FortiEDR component is required to find malicious files on the entire network of an organization?

FortiEDR Threat Hunting Repository

What is the role of a collector in the communication control policy?

A collector records applications that communicate externally

A collector is used to change the reputation score of any application that collector runs

A collector can quarantine unsafe applications from communicating

A collector blocks unsafe applications from running

A company requires a global communication policy for a FortiEDR multi-tenant environment. How can the administrator achieve this?

An administrator creates a new communication control policy for each organization.

An administrator creates a new communication control policy and shares it with other organizations.

A local administrator creates a new communication control policy and shares it with other organizations.

A local administrator creates a new communication control policy and assigns it globally to all organizations.

What is the benefit of using file hash along with the file name in a threat hunting repository search?

It helps to check the malware even if the malware variant uses a different file name.

It helps to make sure the hash is really a malware.

It helps to find if some instances of the hash are actually associated with a different file.

It helps locate a file as threat hunting only allows hash search.

A FortiEDR security event is causing a performance issue with a third-party application. What must you do first about the event?

Investigate the event to verify whether or not the application is safe

Terminate the process and uninstall the third-party application

Immediately create an exception

What is the purpose of the Threat Hunting feature?

Find and delete all instances of a known malicious file or hash in the organization

Execute playbooks to isolate affected collectors in the organization

Delete any file from any collector in the organization

Identify all instances of a known malicious file or hash and notify affected users

Refer to the exhibit. Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)

The collector has been installed with an incorrect port number.

The collector has been installed with an incorrect registration password.

The collector device has windows firewall enabled.

The collector device cannot reach the central manager. Reveal Solution Discussion 2

Which two statements about the FortiEDR solution are true? (Choose two.)

It provides pre-infection and post-infection protection

It provides point-to-point protection

Refer to the exhibit. Based on the postman output shown in the exhibit, why is the user getting an unauthorized error?

FortiEDR requires a password reset the first time a user logs in.

Postman cannot reach the central manager.

API access is disabled on the central manager.

The user has been assigned Admin and Rest API roles.

EDR example

Authored by Hector Cuello

Computers

Professional Development

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is true about classifications assigned by Fortinet Cloud Service (FCS)?

FCS revises the classification of the core based on its database.

The core only assigns a classification if FCS is not available.

FCS is responsible for all classifications.

The core is responsible for all classifications if FCS playbooks are disabled.

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

The device cannot be remediated.

The execution prevention policy has blocked this event.

The event was blocked because the certificate is unsigned.

Device C8092231196 has been isolated.

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

The NGAV policy has blocked TestApplication.exe.

FCS classified the event as malicious.

TestApplication.exe is sophisticated malware.

The user was able to launch TestApplication.exe.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

How does FortiEDR implement post-infection protection?

By insurance against ransomware

By preventing data exfiltration or encryption even after a breach occurs

By real-time filtering to prevent malware from executing

By using methods used by traditional EDR

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which scripting language is supported by the FortiEDR action manager?

TCL

Bash

Perl

Python

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which security policy has all of its rules disabled by default?

Exfiltration Prevention

Execution Prevention

Device Control

Ransomware Prevention

MULTIPLE SELECT QUESTION

2 mins • 1 pt

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

The policy is in simulation mode.

The device is moved to isolation.

The event has been blocked.

Playbooks is configured for this event.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

Programming - Screening Test

Quiz

•

3rd Grade - Professio...

15 questions

Website Analytics Quiz

Quiz

•

Professional Development

20 questions

DDC23-24_Semi-Final Quiz

Quiz

•

Professional Development

15 questions

Telco Practice Test 1

Quiz

•

Professional Development

15 questions

Technical Training

Quiz

•

Professional Development

16 questions

Cyber Resilience Training

Quiz

•

Professional Development

20 questions

Computers

Quiz

•

7th Grade - Professio...

15 questions

Website Practical Assessment

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

10 questions

How to Email your Teacher

Quiz

•

Professional Development

6 questions

3RD GRADE DECLARATION OF INDEPENDENCE EXIT TICKET

Quiz

•

Professional Development

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

22 questions

Multiplying Exponents with the Same Base

Quiz

•

9th Grade - Professio...

40 questions

Flags of the World

Quiz

•

KG - Professional Dev...

EDR example

What is true about classifications assigned by Fortinet Cloud Service (FCS)?

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

How does FortiEDR implement post-infection protection?

Which scripting language is supported by the FortiEDR action manager?

Which security policy has all of its rules disabled by default?

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

Which connectors can you use for the FortiEDR automated incident response? (Choose two.)

Which FortiEDR component is required to find malicious files on the entire network of an organization?

Which threat hunting profile is the most resource intensive?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers