FortiEDR 4.2 Sample Questions - Attempt Review

NSE 5 FortiEDR 4.2 Sample Questions

Started on: Monday, May 17, 2021, 8:28 AM
State: Finished
Completed on: Monday, May 17, 2021, 8:32 AM
Time taken: 3 mins 59 secs
Points: 9/10
Grade: 85 out of 100

Question 1

What does the “Response Gap” feature mean in FortiEDR?

Correct, 1 point out of 1

Select one:
• The malware that is not detected by antivirus software
• The delay between the public release of the malware and the availability of a patch
• The malware that is not detected by manual EDR
• The delay between detecting a problem and responding to it [selected]

Question 2

What format must API calls use to communicate with FortiEDR?

Correct, 1 point out of 1

Select one:
• XML
• JSON [selected]
• CSV
• HTML

Question 3

Which are two reasons why PowerShell is used by so many malware campaigns? (Choose two.)

Partially correct, 1 point out of 1

Select one or more:
• It is built into virtually all Windows machines.
• It has an easy-to-use GUI.
• Its deep system integration gives it access to almost all Windows features and functions. [selected]
• PowerShell attacks are undetectable.

Question 4

In the default view, what do you see in the Collectors list when you click the Inventory tab?

Incorrect, 0 points out of 1

Select one:
• All collectors in your organization that are in a Disconnected state
• All collectors in your organization
• All collectors in your organization that are in a Degraded state
• All collectors in your organization that are currently connected [selected]

Question 5

What does it mean if an event is marked as Unhandled?

Correct, 1 point out of 1

Select one:
• No console user has viewed the event details.
• No exceptions have been created for the event.
• No console user has evaluated the event and marked it as handled. [selected]
• The currently logged in user has not handled the event.

Question 6

What are two advantages to using communication control rules? (Choose two.)

Correct, 1 point out of 1

Select one or more:
• They apply only to existing applications and versions.
• They are always based on an application vulnerability rating.
• They automatically block at-risk applications from communicating. [selected]
• They reduce the amount of administration required to maintain communication control. [selected]

Question 7

You are investigating an event triggered by WannaCry. You check a process hash on VirusTotal and find that it is rated as a safe process from a trusted source. What is the most likely reason?

Correct, 1 point out of 1

Select one:
• VirusTotal mistakenly thinks WannaCry is a safe process
• The stack you selected is not the stack that triggered the event, so its source process may not be malicious [selected]
• WannaCry is using the process hash of a safe file
• The event is a false positive: WannaCry is a safe process

Question 8

What are three advantages of the FortiEDR collector agent? (Choose three.)

Correct, 1 point out of 1

Select one or more:
• It lives in the cloud
• It combines NGAV and post-infection protection in one agent [selected]
• It requires only 30 MB of disk space and 60 MB of memory [selected]
• It uses less than 1% CPU [selected]
• It requires a dedicated CPU core

Question 9

Which two statements about FCS playbooks are true? (Choose two.)

Correct, 1 point out of 1

Select one or more:
• They apply automatic exceptions. [selected]
• They revise event classifications.
• They must be enabled by Fortinet Support. [selected]
• They control notifications.

Question 10

Approximately how many new malware samples can AV-TEST detect every day?

Correct, 1 point out of 1

Select one:
• 350,000 [selected]
• 3,500
• 35,000
• 3,500,000