[2023] Use Real Fortinet Dumps - 100% Free NSE5_EDR-5.0 Exam Dumps
NEW QUESTION # 17
Refer to the exhibits.

The exhibits show application policy logs and application details. Collector C8092231196 is a member of the Finance group. What must an administrator do to block the FileZilla application?
- A. Deny application in Finance policy
- B. Assign Simulation Communication Control Policy to DBA group
- C. Assign Finance policy to Default Collector Group
- D. Assign Finance policy to DBA group
Answer: B
NEW QUESTION # 18
FortiXDR relies on which feature as part of its automated extended response?
- A. Security Policies
- B. Forensic
- C. Communication Control
- D. Playbooks
Answer: A
NEW QUESTION # 19
Which two statements about the FortiEDR solution are true? (Choose two.)
- A. It provides point-to-point protection
- B. It is Windows OS only
- C. It provides pre-infection and post-infection protection
- D. It provides central management
Answer: A,C
NEW QUESTION # 20
FortiEDR has classified an event as inconclusive, but a few seconds later FCS revised the classification to malicious. What playbook actions are applied to the event?
- A. Playbook actions applied to handled events
- B. Playbook actions applied to malicious events
- C. Playbook actions applied to inconclusive events
- D. Playbook actions applied to suspicious events
Answer: B
NEW QUESTION # 21
Exhibit.
Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)
- A. The event was blocked because the certificate is unsigned
- B. The device cannot be remediated
- C. The execution prevention policy has blocked this event.
- D. Device C8092231196 has been isolated
Answer: A,D
NEW QUESTION # 22
Which threat hunting profile is the most resource intensive?
- A. Default
- B. Inventory
- C. Comprehensive
- D. Standard Collection
Answer: C
NEW QUESTION # 23
Exhibit.
Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)
- A. The device has been isolated
- B. The forensics data is displayed in the stacks view
- C. An exception has been created for this event
- D. The exfiltration prevention policy has blocked this event
Answer: A,D
NEW QUESTION # 24
Which FortiEDR component is required to find malicious files on the entire network of an organization?
- A. FortiEDR Core
- B. FortiEDR Aggregator
- C. FortiEDR Threat Hunting Repository
- D. FortiEDR Central Manager
Answer: B
NEW QUESTION # 25
Refer to the exhibit.
Based on the Postman output shown in the exhibit, why is the user getting an unauthorized error?
- A. FortiEDR requires a password reset the first time a user logs in
- B. API access is disabled on the central manager
- C. The user has been assigned Admin and Rest API roles
- D. Postman cannot reach the central manager
Answer: C
NEW QUESTION # 26
Which two types of remote authentication does the FortiEDR management console support? (Choose two.)
- A. LDAP
- B. TACACS
- C. RADIUS
- D. SAML
Answer: A,C
NEW QUESTION # 27
Refer to the exhibit.
Based on the threat hunting event details shown in the exhibit, which two statements about the event are true? (Choose two.)
- A. The activity event is associated with the file action
- B. The PING.EXE process was blocked
- C. There are no MITRE details available for this event
- D. The user fortinet has executed a ping command
Answer: B,C
NEW QUESTION # 28
What is the benefit of using file hash along with the file name in a threat hunting repository search?
- A. It helps to check the malware even if the malware variant uses a different file name
- B. It helps locate a file as threat hunting only allows hash search
- C. It helps to make sure the hash is really a malware
- D. It helps to find if some instances of the hash are actually associated with a different file
Answer: D
NEW QUESTION # 29