https://killexams.com/pass4sure/exam-detail/NSE5


NSE5_EDR-5.0 MCQs



Fortinet


NSE5_EDR-5.0


Fortinet NSE 5 - FortiEDR 5.0





Question: 129


Refer to the exhibit.



Based on the threat hunting query shown in the exhibit, which of the following is true?


  1. RDP connections will be blocked and classified as suspicious

  2. A security event will be triggered when the device attempts an RDP connection

  3. This query is included in other organizations

  4. The query will only check for network category




Answer: B

Question: 130

What is the purpose of the Threat Hunting feature?


  1. Delete any file from any collector in the organization

  2. Find and delete all instances of a known malicious file or hash in the organization

  3. Identify all instances of a known malicious file or hash and notify affected users

  4. Execute playbooks to isolate affected collectors in the organization




Answer: C

Question: 131

Refer to the exhibit.


Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)


  1. The collector device has Windows Firewall enabled

  2. The collector has been installed with an incorrect port number

  3. The collector has been installed with an incorrect registration password

  4. The collector device cannot reach the central manager




Answer: A,B,D

Question: 132

Exhibit.


Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)


  1. The device cannot be remediated

  2. The event was blocked because the certificate is unsigned

  3. Device C8092231196 has been isolated

  4. The execution prevention policy has blocked this event




Answer: A,B,C

Question: 133

Exhibit.



Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)


  1. An exception has been created for this event

  2. The forensics data is displayed in the stacks view

  3. The device has been isolated

  4. The exfiltration prevention policy has blocked this event




Answer: A,C,D

Question: 134

What is true about classifications assigned by Fortinet Cloud Service (FCS)?


  1. The core is responsible for all classifications if FCS playbooks are disabled

  2. The core only assigns a classification if FCS is not available

  3. FCS revises the classification of the core based on its database

  4. FCS is responsible for all classifications




Answer: C

Question: 135

Which two types of remote authentication does the FortiEDR management console support? (Choose two.)


  1. RADIUS

  2. SAML

  3. TACACS

  4. LDAP




Answer: A,D

Question: 136

Which two statements about the FortiEDR solution are true? (Choose two.)


  1. It provides pre-infection and post-infection protection

  2. It is Windows OS only

  3. It provides central management

  4. It provides point-to-point protection




Answer: A,C

Question: 137

How does FortiEDR implement post-infection protection?


  1. By preventing data exfiltration or encryption even after a breach occurs

  2. By using methods used by traditional EDR

  3. By insurance against ransomware

  4. By real-time filtering to prevent malware from executing




Answer: A

Question: 138

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account. What role should the administrator assign to this account?

  1. Admin

  2. User

  3. Local Admin

  4. REST API




Answer: C

