Pass the Fortinet NSE 5 Network Security Analyst NSE5_EDR-5.0 Questions and answers with CertsForce

Question # 1:

Refer to the exhibit.

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

Options:

A. The device is moved to isolation.
B. A playbook is configured for this event.
C. The event has been blocked.
D. The policy is in simulation mode.

Question # 2:

Refer to the exhibit.

Based on the threat hunting event details shown in the exhibit, which two statements about the event are true? (Choose two.)

Options:

A. The PING.EXE process was blocked.
B. The user fortinet has executed a ping command.
C. The activity event is associated with the file action.
D. There are no MITRE details available for this event.

Question # 3:

Refer to the exhibit.

Based on the event exception shown in the exhibit, which two statements about the exception are true? (Choose two.)

Options:

A. A partial exception is applied to this event.
B. FCS playbooks are enabled by Fortinet support.
C. The exception is applied only on device C8092231196.
D. The system owner can modify the trigger rule parameters.

Question # 4:

What is the role of a collector in the communication control policy?

Options:

A. A collector blocks unsafe applications from running.
B. A collector is used to change the reputation score of any application that the collector runs.
C. A collector records applications that communicate externally.
D. A collector can quarantine unsafe applications from communicating.

Question # 5:

An administrator finds third-party free software on a user's computer that does not appear in the application list in the communication control console.

Which two statements are true about this situation? (Choose two.)

Options:

A. The application is allowed in all communication control policies.
B. The application is ignored because its reputation score is acceptable to the security policy.
C. The application has not made any connection attempts.
D. The application is blocked by the security policies.

Question # 6:

What is the benefit of using a file hash along with the file name in a threat hunting repository search?

Options:

A. It helps to make sure the hash is really malware.
B. It helps to find the malware even if the malware variant uses a different file name.
C. It helps to find whether some instances of the hash are actually associated with a different file.
D. It helps to locate a file, as threat hunting only allows hash search.

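The point behind this question, shown as runnable hunting logic over constructed records: a name-only search misses renamed copies of a binary and pulls in unrelated files that happen to share the name, a hash-only search finds every copy but says nothing about naming, and pivoting from hash to the names it was seen under (and back to the other hashes using those names) exposes both renamed variants and name collisions. This is an added example, not part of the exam page and not FortiEDR's threat hunting query language; the record layout, device names, paths and hash values are assumptions made for illustration.

```python
"""Why a threat hunting search should pivot on file hash *and* file name.

Added example; this is not FortiEDR's threat hunting query syntax, and the
repository records, device names, paths and hashes below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    """One file event as a hunting repository might store it (assumed layout)."""
    device: str
    path: str
    sha256: str


# Constructed hashes: MAL_HASH stands for a known-bad binary, GOOD_HASH for the
# legitimate Windows svchost.exe. Real values would be 64 hex digits of SHA-256.
MAL_HASH = "a" * 64
GOOD_HASH = "b" * 64

# Constructed repository. The malware sits on three devices under three different
# names; one of those names (svchost.exe) is also the name of a legitimate binary
# with a different hash.
RECORDS = [
    FileRecord("WS01", r"C:\Users\fortinet\Downloads\report.exe", MAL_HASH),
    FileRecord("WS02", r"C:\Temp\update.exe", MAL_HASH),
    FileRecord("WS03", r"C:\Windows\Temp\svchost.exe", MAL_HASH),
    FileRecord("WS04", r"C:\Windows\System32\svchost.exe", GOOD_HASH),
]


def basename(path):
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def by_name(records, name):
    """Name-only search: misses renamed copies and pulls in look-alike binaries."""
    return [r for r in records if basename(r.path) == name.lower()]


def by_hash(records, sha256):
    """Hash-only search: finds every copy of the binary, whatever it is called."""
    return [r for r in records if r.sha256 == sha256.lower()]


def hash_name_pivot(records, sha256):
    """Hash-plus-name search.

    Returns (names, collisions): every file name the hash was seen under (this
    exposes renamed variants) and, for each such name, the other hashes that
    share it (this exposes a known name being reused by a different file).
    """
    names = sorted({basename(r.path) for r in by_hash(records, sha256)})
    collisions = {
        name: sorted({r.sha256 for r in by_name(records, name)} - {sha256.lower()})
        for name in names
    }
    return names, collisions


def devices_to_triage(records, sha256):
    """Devices holding the hash regardless of file name: the hunting scope."""
    return sorted({r.device for r in by_hash(records, sha256)})


if __name__ == "__main__":
    names, collisions = hash_name_pivot(RECORDS, MAL_HASH)
    print("name-only hits for svchost.exe:", len(by_name(RECORDS, "svchost.exe")))
    print("hash-only hits:", len(by_hash(RECORDS, MAL_HASH)))
    print("names the hash was seen under:", names)
    print("names shared with other hashes:", {n: c for n, c in collisions.items() if c})
    print("devices to triage:", devices_to_triage(RECORDS, MAL_HASH))
```

Searching for `svchost.exe` alone returns the legitimate binary alongside the malicious copy, and searching for `report.exe` or `update.exe` alone returns one device each; the hash finds all three copies, and the pivot shows that one of the names the malware uses is shared with a different file, which is exactly what a hunter needs before deciding what to block or isolate.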
Question # 7:

Refer to the exhibits.

The exhibits show application policy logs and application details. Collector C8092231196 is a member of the Finance group.

What must an administrator do to block the FileZilla application?

Options:

A. Deny the application in the Finance policy.
B. Assign the Finance policy to the DBA group.
C. Assign the Finance policy to the Default Collector Group.
D. Assign the Simulation Communication Control Policy to the DBA group.

Question # 8:

Which security policy has all of its rules disabled by default?

Options:

A. Device Control
B. Ransomware Prevention
C. Execution Prevention
D. Exfiltration Prevention

Question # 9:

Refer to the exhibit.

Based on the threat hunting query shown in the exhibit, which of the following is true?

Options:

A. RDP connections will be blocked and classified as suspicious.
B. A security event will be triggered when the device attempts an RDP connection.
C. This query is included in other organizations.
D. The query will only check for the Network category.
