
Fortinet NSE 5 Network Security Analyst (NSE5_EDR-5.0) practice questions

Question 1:

FortiXDR relies on which feature as part of its automated extended response?

Options:

A. Playbooks
B. Security Policies
C. Forensics
D. Communication Control

Question 2:

Which FortiEDR component is required to find malicious files on the entire network of an organization?

Options:

A. FortiEDR Aggregator
B. FortiEDR Central Manager
C. FortiEDR Threat Hunting Repository
D. FortiEDR Core

Question 3:

A FortiEDR security event is causing a performance issue with a third-party application. What must you do first about the event?

Options:

A. Contact Fortinet support
B. Terminate the process and uninstall the third-party application
C. Immediately create an exception
D. Investigate the event to verify whether or not the application is safe

Question 4:

Refer to the exhibits.

[Exhibit images not reproduced on this page.]

The exhibits show application policy logs and application details. Collector C8092231196 is a member of the Finance group.

What must an administrator do to block the FileZilla application?

Options:

A. Deny the application in the Finance policy
B. Assign the Finance policy to the DBA group
C. Assign the Finance policy to the Default Collector Group
D. Assign the Simulation Communication Control Policy to the DBA group

Question 5:

Refer to the exhibits.

[Exhibit images not reproduced on this page.]

The exhibits show the collector state and active connections. The collector is unable to connect to the aggregator at IP address 10.160.6.100 using the default port.

Based on the netstat command output, what must you do to resolve the connectivity issue?

Options:

A. Reinstall the collector agent and use port 443
B. Reinstall the collector agent and use port 8081
C. Reinstall the collector agent and use port 555
D. Reinstall the collector agent and use port 6514
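The question above asks you to read connection state from netstat output. As an added example (not part of the exam material and not Fortinet's own tooling), the following Python parses a constructed `netstat -an` listing and classifies the collector-to-aggregator connectivity on a given port: established, attempting but never completing (SYN_SENT, which points at a firewall or a missing listener), or absent (nothing is even trying that port, which points at a configuration mismatch). The aggregator address 10.160.6.100 is taken from the question; the collector address 10.160.6.25, the port numbers and the socket states in the sample are assumptions made for illustration, not a real capture and not a statement of FortiEDR's default ports.

```python
import re
from collections import Counter

# Constructed netstat -an excerpt from a hypothetical collector host
# (10.160.6.25). The aggregator address 10.160.6.100 comes from the question;
# ports and states here are assumed for illustration, not a real capture.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.160.6.25:49712      10.160.6.100:8081      SYN_SENT
  TCP    10.160.6.25:49713      10.160.6.100:8081      SYN_SENT
  TCP    10.160.6.25:49720      10.160.6.100:443       ESTABLISHED
  TCP    10.160.6.25:49730      10.160.6.50:555        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

# Matches the Windows layout (Proto Local Foreign State) and the Linux one
# (proto Recv-Q Send-Q Local Foreign State); the state column is absent for UDP.
ROW = re.compile(
    r"^\s*(tcp6?|udp6?)\s+(?:\d+\s+\d+\s+)?(\S+)\s+(\S+)(?:\s+([A-Z_0-9]+))?\s*$",
    re.IGNORECASE,
)


def parse_netstat(text):
    """Return (proto, local, remote, state) tuples; state is '' when absent."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state = m.groups()
            rows.append((proto.upper(), local, remote, (state or "").upper()))
    return rows


def split_endpoint(endpoint):
    """'10.160.6.100:8081' -> ('10.160.6.100', '8081'); handles bracketed IPv6."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def sessions_to(rows, host):
    """Map remote port -> Counter of TCP states for every socket talking to host."""
    by_port = {}
    for proto, _local, remote, state in rows:
        rhost, rport = split_endpoint(remote)
        if proto.startswith("TCP") and rhost == host:
            by_port.setdefault(rport, Counter())[state] += 1
    return by_port


def diagnose(netstat_text, host, port):
    """Classify connectivity from this machine to host:port.

    Returns (verdict, detail). verdict is one of:
      'established' - at least one ESTABLISHED session on the expected port
      'attempting'  - sockets exist but none completed (e.g. SYN_SENT):
                      blocked path or nothing listening on that port
      'none'        - nothing is even trying that port: local config mismatch
    detail carries the states seen on the port and any other ports that do
    have a live session to the same host, the usual clue to a port mismatch.
    """
    by_port = sessions_to(parse_netstat(netstat_text), host)
    states = by_port.get(str(port), Counter())
    other_live = sorted(
        p for p, c in by_port.items() if p != str(port) and c.get("ESTABLISHED")
    )
    if states.get("ESTABLISHED"):
        verdict = "established"
    elif states:
        verdict = "attempting"
    else:
        verdict = "none"
    return verdict, {"states": dict(states), "other_ports_established": other_live}


if __name__ == "__main__":
    for candidate in (8081, 443, 555):
        print(candidate, diagnose(SAMPLE_NETSTAT, "10.160.6.100", candidate))
```

Run it against a real `netstat -an` capture by replacing `SAMPLE_NETSTAT` with the file contents; the verdict for the port you expect the collector to use, together with the list of other ports that already have a live session to the aggregator, tells you whether the fix is a network path problem or a port setting on the collector.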

Question 6:

Refer to the exhibit.

[Exhibit image not reproduced on this page.]

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

Options:

A. An exception has been created for this event
B. The forensics data is displayed in the stacks view
C. The device has been isolated
D. The exfiltration prevention policy has blocked this event

Question 7:

Which threat hunting profile is the most resource intensive?

Options:

A. Comprehensive
B. Inventory
C. Default
D. Standard Collection

Question 8:

Refer to the exhibit.

[Exhibit image not reproduced on this page.]

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.)

Options:

A. The NGAV policy has blocked TestApplication.exe
B. TestApplication.exe is sophisticated malware
C. The user was able to launch TestApplication.exe
D. FCS classified the event as malicious

Question 9:

What is true about classifications assigned by Fortinet Cloud Service (FCS)?

Options:

A. The core is responsible for all classifications if FCS playbooks are disabled
B. The core only assigns a classification if FCS is not available
C. FCS revises the classification of the core based on its database
D. FCS is responsible for all classifications
