Fortinet nse5-edr-5-0 practice test

Which connectors can you use for the FortiEDR automated incident response? (Choose two.)

• A. FortiNAC
• B. FortiGate
• C. FortiSiem
• D. FortiSandbox

What is true about classifications assigned by Fortinet Cloud Sen/ice (FCS)?

• A. The core is responsible for all classifications if FCS playbooks are disabled
• B. The core only assigns a classification if FCS is not available
• C. FCS revises the classification of the core based on its database
• D. FCS is responsible for all classifications

Refer to the exhibit.

Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR
collector are true? (Choose two.)

• A. The collector device has windows firewall enabled
• B. The collector has been installed with an incorrect port number
• C. The collector has been installed with an incorrect registration password
• D. The collector device cannot reach the central manager

A company requires a global communication policy for a FortiEDR multi-tenant environment.
How can the administrator achieve this?

• A. An administrator creates a new communication control policy and shares it with other organizations
• B. A local administrator creates new a communication control policy and shares it with other organizations
• C. A local administrator creates a new communication control policy and assigns it globally to all organizations
• D. An administrator creates a new communication control policy for each organization

Refer to the exhibit.

Based on the event exception shown in the exhibit which two statements about the exception are
true? (Choose two)

• A. A partial exception is applied to this event
• B. FCS playbooks is enabled by Fortinet support
• C. The exception is applied only on device C8092231196
• D. The system owner can modify the trigger rules parameters

Which two statements are true about the remediation function in the threat hunting module?
(Choose two.)

• A. The file is removed from the affected collectors
• B. The threat hunting module sends the user a notification to delete the file
• C. The file is quarantined
• D. The threat hunting module deletes files from collectors that are currently online.

Exhibit.

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

• A. An exception has been created for this event
• B. The forensics data is displayed m the stacks view
• C. The device has been isolated
• D. The exfiltration prevention policy has blocked this event

The FortiEDR axe classified an event as inconclusive, out a few seconds later FCS revised the
classification to malicious. What playbook actions ate applied to the event?

• A. Playbook actions applied to inconclusive events
• B. Playbook actions applied to handled events
• C. Playbook actions applied to suspicious events
• D. Playbook actions applied to malicious events

Which threat hunting profile is the most resource intensive?

• A. Comprehensive
• B. Inventory
• C. Default
• D. Standard Collection

Which two types of remote authentication does the FortiEDR management console support?
(Choose two.)

• A. Radius
• B. SAML
• C. TACACS
• D. LDAP