NSE 5 FortiEDR 4.2 Sample Questions

Started on: Monday, May 17, 2021, 8:28 AM
State: Finished
Completed on: Monday, May 17, 2021, 8:32 AM
Time taken: 3 mins 59 secs
Points: 9/10
Grade: 85 out of 100

Question 1
What does the "Response Gap" feature mean on FortiEDR?
Correct 1 points out of 1
Select one:
- The malware that is not detected by antivirus software
- The delay between the public release of the malware and the availability of a patch
- The malware that is not detected by manual EDR
- The delay between detecting a problem and responding to it
Question 2
What format must API calls use to communicate with FortiEDR?
Correct 1 points out of 1
Select one:
- XML
- JSON
- CSV
- HTML
Question 3
Which are two reasons why PowerShell is used by so many malware campaigns? (Choose two.)
Partially correct 1 points out of 1
Select one or more:
- It is built into virtually all Windows machines.
- It has an easy-to-use GUI.
- Its deep system integration gives it access to almost all Windows features and functions.
- PowerShell attacks are undetectable.
Question 4
In the default view, what do you see in the Collectors list when you click on the Inventory tab?
Incorrect 0 points out of 1
Select one:
- All collectors in your organization that are in a Disconnected state
- All collectors in your organization
- All collectors in your organization that are in a Degraded state
- All collectors in your organization that are currently connected
Question 5
What does it mean if an event is marked as Unhandled?
Correct 1 points out of 1
Select one:
- No console user has viewed the event details.
- No exceptions have been created for the event.
- No console user has evaluated the event and marked it as handled.
- The currently logged-in user has not handled the event.
Question 6
What are two advantages to using communication control rules? (Choose two.)
Correct 1 points out of 1
Select one or more:
- They apply only to existing applications and versions.
- They are always based on an application vulnerability rating.
- They automatically block at-risk applications from communicating.
- They reduce the amount of administration required to maintain communication control.
Question 7
You are investigating an event triggered by WannaCry. You check a process hash on VirusTotal and find that it is rated as a safe process from a trusted source. What is the most likely reason?
Correct 1 points out of 1
Select one:
- VirusTotal mistakenly thinks WannaCry is a safe process
- The stack you selected is not the stack that triggered the event, so its source process may not be malicious
- WannaCry is using the process hash of a safe file
- The event is a false positive: WannaCry is a safe process
Question 8
What are three advantages of the FortiEDR collector agent? (Choose three.)
Correct 1 points out of 1
Select one or more:
- It lives in the cloud
- It combines NGAV and post-infection protection in one agent
- It requires only 30 MB of disk space and 60 MB of memory
- It uses less than 1% CPU
- It requires a dedicated CPU core
Question 9
Which two statements about FCS playbooks are true? (Choose two.)
Correct 1 points out of 1
Select one or more:
- They apply automatic exceptions.
- They revise event classifications.
- They must be enabled by Fortinet Support.
- They control notifications.
Question 10
Approximately how many new malware samples can AV-TEST detect every day?
Correct 1 points out of 1
Select one:
- 350,000
- 3,500
- 35,000
- 3,500,000