FortiEDR 4.2 Sample Questions - Attempt Review

The document is a sample quiz on FortiEDR. It consists of 10 multiple choice questions testing knowledge of FortiEDR features and functionality. The quiz was completed in under 4 minutes with a score of 85%. Key topics covered include the Response Gap feature, API communication formats, reasons for PowerShell malware, collector states, event handling statuses, communication control rules, process hash lookups, agent advantages, and FCS playbook characteristics.


NSE 5 FortiEDR 4.2 Sample Questions

Started on: Monday, May 17, 2021, 8:28 AM
State: Finished
Completed on: Monday, May 17, 2021, 8:32 AM
Time taken: 3 mins 59 secs
Points: 9/10
Grade: 85 out of 100

Selected answers are marked [selected].

Question 1: What does the "Response Gap" feature mean on FortiEDR?
Correct (1 point out of 1)
Select one:
The malware that is not detected by antivirus software
The delay between the public release of the malware and the availability of a patch
The malware that is not detected by manual EDR
The delay between detecting a problem and responding to it [selected]

Question 2: What format must API calls use to communicate with FortiEDR?
Correct (1 point out of 1)
Select one:
XML
JSON [selected]
CSV
HTML

Question 3: What are two reasons why PowerShell is used by so many malware campaigns? (Choose two.)
Partially correct (1 point out of 1)
Select one or more:
It is built into virtually all Windows machines.
It has an easy-to-use GUI.
Its deep system integration gives it access to almost all Windows features and functions. [selected]
PowerShell attacks are undetectable.

Question 4: In the default view, what do you see in the Collectors list when you click on the Inventory tab?
Incorrect (0 points out of 1)
Select one:
All collectors in your organization that are in a Disconnected state
All collectors in your organization
All collectors in your organization that are in a Degraded state
All collectors in your organization that are currently connected [selected]

Question 5: What does it mean if an event is marked as Unhandled?
Correct (1 point out of 1)
Select one:
No console user has viewed the event details.
No exceptions have been created for the event.
No console user has evaluated the event and marked it as handled. [selected]
The currently logged in user has not handled the event.

Question 6: What are two advantages to using communication control rules? (Choose two.)
Correct (1 point out of 1)
Select one or more:
They apply only to existing applications and versions.
They are always based on an application vulnerability rating.
They automatically block at-risk applications from communicating. [selected]
They reduce the amount of administration required to maintain communication control. [selected]

Question 7: You are investigating an event triggered by WannaCry. You check a process hash on VirusTotal and find that it is rated as a safe process from a trusted source. What is the most likely reason?
Correct (1 point out of 1)
Select one:
VirusTotal mistakenly thinks WannaCry is a safe process
The stack you selected is not the stack that triggered the event, so its source process may not be malicious [selected]
WannaCry is using the process hash of a safe file
The event is a false positive: WannaCry is a safe process
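The reasoning behind this question, as an added example that is not part of the quiz and not FortiEDR or VirusTotal code: a reputation lookup is keyed on the hash of the file's bytes, so a malicious file cannot "borrow" a safe file's hash, and a safe verdict means you looked up the wrong stack. The process images, the two-stack event structure and the verdict table below are all constructed stand-ins (hypothetical names, not real samples or a real API).

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "process images" standing in for executable bytes on disk.
# They are not real binaries; the point is only that a hash is bound to content.
SAFE_IMAGE = b"MZ\x90\x00 constructed stand-in for a trusted, signed system binary"
MALICIOUS_IMAGE = b"MZ\x90\x00 constructed stand-in for a ransomware dropper"


def sha256_hex(data: bytes) -> str:
    """Hash the bytes of a process image the way a reputation lookup keys on it."""
    return hashlib.sha256(data).hexdigest()


# Constructed verdict table standing in for a reputation service such as VirusTotal.
VERDICTS = {
    sha256_hex(SAFE_IMAGE): "safe (trusted source)",
    sha256_hex(MALICIOUS_IMAGE): "malicious",
}


def lookup_verdict(image_hash: str) -> str:
    """Return the reputation verdict for a hash, or 'unknown' if it was never seen."""
    return VERDICTS.get(image_hash, "unknown")


@dataclass(frozen=True)
class Stack:
    """One process stack attached to an event (hypothetical, simplified model)."""
    name: str
    source_process: str
    image: bytes
    triggered_event: bool  # True only for the stack whose activity raised the event


def build_sample_event() -> list[Stack]:
    """Constructed event with two stacks: a benign ancestor and the triggering one."""
    return [
        Stack("stack-1", "explorer.exe", SAFE_IMAGE, triggered_event=False),
        Stack("stack-2", "sample.exe", MALICIOUS_IMAGE, triggered_event=True),
    ]


def verdict_for_stack(stack: Stack) -> str:
    """Look up the reputation of the source process behind one stack."""
    return lookup_verdict(sha256_hex(stack.image))


def triggering_stack(event: list[Stack]) -> Stack:
    """The stack an analyst should look up: the one that actually triggered the event."""
    return next(s for s in event if s.triggered_event)


def hash_changes_with_content() -> bool:
    """Flip one bit of the safe image: its hash no longer matches, which is why a
    malicious file cannot carry a safe file's hash (barring a SHA-256 collision)."""
    tampered = bytearray(SAFE_IMAGE)
    tampered[-1] ^= 0x01
    return sha256_hex(bytes(tampered)) != sha256_hex(SAFE_IMAGE)


if __name__ == "__main__":
    event = build_sample_event()
    for s in event:
        # Picking stack-1 yields a safe verdict even though the event is real.
        print(f"{s.name} ({s.source_process}): {verdict_for_stack(s)}")
    print("stack to investigate:", triggering_stack(event).name)
    print("hash bound to content:", hash_changes_with_content())
```

The takeaway for triage: confirm which stack raised the event before trusting a hash verdict, and treat a safe verdict on a non-triggering stack as expected rather than as evidence of a false positive.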

Question 8: What are three advantages of the FortiEDR collector agent? (Choose three.)
Correct (1 point out of 1)
Select one or more:
It lives in the cloud
It combines NGAV and post-infection protection in one agent [selected]
It requires only 30 MB of disk space and 60 MB of memory [selected]
It uses less than 1% CPU [selected]
It requires a dedicated CPU core

Question 9: Which two statements about FCS playbooks are true? (Choose two.)
Correct (1 point out of 1)
Select one or more:
They apply automatic exceptions. [selected]
They revise event classifications.
They must be enabled by Fortinet Support. [selected]
They control notifications.

Question 10: Approximately how many new malware samples can AV-TEST detect every day?
Correct (1 point out of 1)
Select one:
350,000 [selected]
3,500
35,000
3,500,000