A company requires a global exception for a FortiEDR multi-tenant environment. How can the administrator achieve this?

The administrator can create a new exception and assign it globally to all organizations.

The local administrator can create a new exception and share it with other organizations.

A user account can create a new exception and share it with other organizations.

The administrator can create a new exception policy for each organization hosted on FortiEDR.

What is the purpose of the Threat Hunting feature?

Find and delete all instances of a known malicious file or hash in the organization

Execute playbooks to isolate affected collectors in the organization

Delete any file from any collector in the organization

Identify all instances of a known malicious file or hash and notify affected users

Which two investigation issues requires a full memory dump of the FortiEDR collector? (Choose two.)

Collector and core connectivity issue events

How does FortiEDR implement post-infection protection?

By preventing data exfiltration or encryption even after a breach occurs

By insurance against ransomware

By real-time filtering to prevent malware from executing

By using methods used by traditional EDR

What is the benefit of using file hash along with the file name in a threat hunting repository search?

It helps to check the malware even if the malware variant uses a different file name.

It helps to make sure the hash is really a malware.

It helps to find if some instances of the hash are actually associated with a different file.

It helps locate a file as threat hunting only allows hash search.

What is the role of a collector in the communication control policy?

A collector records applications that communicate externally

A collector is used to change the reputation score of any application that collector runs

A collector can quarantine unsafe applications from communicating

A collector blocks unsafe applications from running

How does the FortiEDR approach compare to the traditional EDR? (Choose two.)

FortiEDR blocks threats in real time, eliminating the response gap

There is no difference in response time

Which two events can trigger FortiEDR NGAV policy violations? (Choose two.)

When a malicious file is executed

When a malicious file attempts to communicate externally

When a malicious file attempts to access data

An administrator finds a third party free software on a user’s computer that does not appear in the application list in the communication control console. Which two statements are true about this situation? (Choose two.)

The application is blocked by the security policies

The application has not made any connection attempts

The application is allowed in all communication control policies

The application is ignored as the reputation score is acceptable by the security policy

What is true about classifications assigned by Fortinet Cloud Service (FCS)?

FCS revises the classification of the core based on its database.

The core only assigns a classification if FCS is not available.

FCS is responsible for all classifications.

The core is responsible for all classifications if FCS playbooks are disabled.

Which statement is true about the flow analyzer view in forensics?

It displays a graphic flow diagram.

Two events can be compared side-by-side.

It shows details about processes and sub processes.

The stack memory of a specific device can be retrieved.

The FortiEDR core classified an event as inconclusive, but a few seconds later FCS revised the classification to malicious. What playbook actions are applied to the event?

Playbook actions applied to malicious events

Playbook actions applied to suspicious events

Playbook actions applied to inconclusive events

Playbook actions applied to handled events

When installing a FortiEDR collector, why is a ‘Registration Password’ for collectors needed?

To restrict installation and uninstallation of collectors

To verify Fortinet support request

To restrict access to the management console

An administrator finds that a newly installed collector does not display on the INVENTORY tab in the central manager. What two troubleshooting steps must the administrator perform? (Choose two.)

Verify TCP ports 8081 and 555 are open.

Check if the FortiEDR services are running on the collector device.

Export the collector logs from the central manager.

Verify the central manager has connectivity to FCS.

With respect to operating FortiEDR, what does proactive risk mitigation refer to?

Automatically blocking applications from communicating if they have a poor reputation or CVE score

Automatically blocking users from installing unauthorized applications

Automatically blocking endpoints from communicating to network resources

Automatically blocking communication from all applications unless they are specifically enabled

A FortiEDR security event is causing a performance issue with a third-party application. What must you do first about the event?

Investigate the event to verify whether or not the application is safe

Terminate the process and uninstall the third-party application

Immediately create an exception

Which two criteria are requirements of integrating FortiEDR into the Fortinet Security Fabric? (Choose two.)

Central Manager connected to FCS

A valid API user with access to connectors

Core with Core only functionality

What is true about the Payroll Manager.exe event?

A rule assigned action is set to block but the policy is in simulation mode

An event has not been handled by a console admin

An event has been handled by the communication control policy

Based on the event exception shown in the exhibit, which two statements about the exception are true? (Choose two.)

FCS playbooks is enabled by Fortinet support.

The exception is applied only on device C8092231196.

The system owner can modify the trigger rules parameters.

A partial exception is applied to this event.

Based on the postman output shown in the exhibit, why is the user getting an unauthorized error?

FortiEDR requires a password reset the first time a user logs in.

Postman cannot reach the central manager.

API access is disabled on the central manager.

The user has been assigned Admin and Rest API roles.

The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using default port. Based on the netstat command output what must you do to resolve the connectivity issue?

Reinstall collector agent and use port 8081

Reinstall collector agent and use port 555

Reinstall collector agent and use port 443

Reinstall collector agent and use port 6514

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

The forensics data is displayed in the stacks view.

An exception has been created for this event.

The exfiltration prevention policy has blocked this event.

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

The policy is in simulation mode.

Playbooks is configured for this event.

The device is moved to isolation.

The exhibits show application policy logs and application details. Collector C8092231196 is a member of the Finance group. What must an administrator do to block the FileZilla application?

Assign Finance policy to DBA group

Deny application in Finance policy

Assign Finance policy to Default Collector Group

Assign Simulation Communication Control Policy to DBA group

Based on the threat hunting event details shown in the exhibit, which two statements about the event are true? (Choose two.)

The user fortinet has executed a ping command.

There are no MITRE details available for this event.

The activity event is associated with the file action.

The PING.EXE process was blocked.

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

TestApplication.exe is sophisticated malware.

The user was able to launch TestApplication.exe.

The NGAV policy has blocked TestApplication.exe.

FCS classified the event as malicious.

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

The device cannot be remediated

The execution prevention policy has blocked this event.

The event was blocked because the certificate is unsigned.

Device C8092231196 has been isolated.

Based on the threat hunting query shown in the exhibit, which of the following is true?

A security event will be triggered when the device attempts a RDP connection.

This query is included in other organizations.

The query will only check for network category.

RDP connections will be blocked and classified as suspicious.

Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)

The collector has been installed with an incorrect port number.

The collector has been installed with an incorrect registration password.

The collector device has windows firewall enabled.

The collector device cannot reach the central manager.

EXAM NSE5_EDR-5.0

Authored by David Peña

Instructional Technology

Professional Development

Used 18+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

42 questions

Show all answers

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two types of remote authentication does the FortiEDR management console support? (Choose two.)

TACACS

Radius

LDAP

SAML

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two types of traffic are allowed while the device is in isolation mode? (Choose two.)

HTTP sessions

ICMP sessions

Incoming RDP connections

Outgoing SSH connections

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which FortiEDR component must have JumpBox functionality to connect with FortiAnalyzer?

Collector

Aggregator

Core

Central manager

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two statements are true about the remediation function in the threat hunting module? (Choose two.)

The file is quarantined.

The file is removed from the affected collectors.

The threat hunting module deletes files from collectors that are currently online.

The threat hunting module sends the user a notification to delete the file.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which FortiEDR component is required to find malicious files on the entire network of an organization?

FortiEDR Core

FortiEDR Central Manager

FortiEDR Threat Hunting Repository

FortiEDR Aggregator

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company requires a global communication policy for a FortiEDR multi-tenant environment.
How can the administrator achieve this?

An administrator creates a new communication control policy and shares it with other organizations.

A local administrator creates a new communication control policy and shares it with other organizations.

A local administrator creates a new communication control policy and assigns it globally to all organizations.

An administrator creates a new communication control policy for each organization.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

FortiXDR relies on which feature as part of its automated extended response?

Security Policies

Forensic

Playbooks

Communication Control

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

40 questions

Pre-test prep

Quiz

•

Professional Development

37 questions

Control Systems Quiz

Quiz

•

Professional Development

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Instructional Technology

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L5_22-23

Lesson

•

KG - Professional Dev...

10 questions

March Quiz

Quiz

•

Professional Development

5 questions

Copy of G5_U6_L8_22-23

Lesson

•

KG - Professional Dev...

10 questions

suffixes FUL OR LESS

Quiz

•

Professional Development

EXAM NSE5_EDR-5.0

Which two types of remote authentication does the FortiEDR management console support? (Choose two.)

Which two types of traffic are allowed while the device is in isolation mode? (Choose two.)

Which FortiEDR component must have JumpBox functionality to connect with FortiAnalyzer?

Which two statements are true about the remediation function in the threat hunting module? (Choose two.)

Which FortiEDR component is required to find malicious files on the entire network of an organization?

A company requires a global communication policy for a FortiEDR multi-tenant environment.How can the administrator achieve this?

FortiXDR relies on which feature as part of its automated extended response?

A company requires a global exception for a FortiEDR multi-tenant environment.How can the administrator achieve this?

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account.What role should the administrator assign to this account?

What is the purpose of the Threat Hunting feature?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

A company requires a global communication policy for a FortiEDR multi-tenant environment.
How can the administrator achieve this?

A company requires a global exception for a FortiEDR multi-tenant environment.

How can the administrator achieve this?

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account.
What role should the administrator assign to this account?