[2023年03月]更新のNSE5_EDR-5.0試験問題集、NSE5_EDR-5.0練習テスト問題 [Q12-Q31]

[2023年03月]更新のNSE5_EDR-5.0試験問題集、NSE5_EDR-5.0練習テスト問題

検証済みNSE5_EDR-5.0問題集PDF資料 [2023]

Fortinet NSE5_EDR-5.0 認定試験の出題範囲：

トピック	出題範囲
トピック 1	脅威ハンティングデータの分析 FortiEDR のトラブルシューティング、プレイブックの構成、FortiXDR の導入
トピック 2	API を使用して FortiEDR 管理機能 FortiEDR セキュリティ設定とポリシーを実行
トピック 3	Fortinet Cloud Service (FCS) の説明通信制御ポリシーの構成
トピック 4	FortiEDR セキュリティイベントとログのアラート分析を実行する FortiEDR アーキテクチャと技術的位置付けを説明する
トピック 5	イベント、フォレンジック、脅威ハンティングセキュリティイベントとアラートを分析
トピック 6	セキュリティポリシーの構成インストールプロセスの実行
トピック 7	フォレンジック分析を使用してセキュリティイベントを調査 FortiEDR マルチテナンシーを導入
トピック 8	FortiEDR を使用してセキュリティファブリックを構成する FortiEDR のトラブルシューティングを実行する

質問 12
Which security policy has all of its rules disabled by default?

A. Exfiltration Prevention
B. Execution Prevention
C. Ransomware Prevention
D. Device Control

正解: C

質問 13
Exhibit.

Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)

A. The device is moved to isolation.
B. The event has been blocked
C. The policy is in simulation mode
D. Playbooks is configured for this event.

正解: C,D

質問 14
An administrator finds a third party free software on a user's computer mat does not appear in me application list in the communication control console Which two statements are true about this situation? (Choose two)

A. The application is allowed in all communication control policies
B. The application is ignored as the reputation score is acceptable by the security policy
C. The application is blocked by the security policies
D. The application has not made any connection attempts

正解: A,C

質問 15
FortiXDR relies on which feature as part of its automated extended response?

A. Security Policies
B. Communication Control
C. Playbooks
D. Forensic

正解: A

質問 16
Which two statements about the FortiEDR solution are true? (Choose two.)

A. It is Windows OS only
B. It provides pre-infection and post-infection protection
C. It provides central management
D. It provides pant-to-point protection

正解: B,D

質問 17
How does FortiEDR implement post-infection protection?

A. By using methods used by traditional EDR
B. By insurance against ransomware
C. By real-time filtering to prevent malware from executing
D. By preventing data exfiltration or encryption even after a breach occurs

正解: C

質問 18
Refer to the exhibit.

Based on the threat hunting query shown in the exhibit which of the following is true?

A. This query is included in other organizations
B. The query will only check for network category
C. RDP connections will be blocked and classified as suspicious
D. A security event will be triggered when the device attempts a RDP connection

正解: D

質問 19
Exhibit.

Based on the forensics data shown in the exhibit which two statements are true? (Choose two.)

A. The execution prevention policy has blocked this event.
B. The device cannot be remediated
C. The event was blocked because the certificate is unsigned
D. Device C8092231196 has been isolated

正解: C,D

質問 20
Refer to the exhibit.

Based on the threat hunting event details shown in the exhibit, which two statements about the event are true?
(Choose two.)

A. The activity event is associated with the file action
B. There are no MITRE details available for this event
C. The PING EXE process was blocked
D. The user fortinet has executed a ping command

正解: B,C

質問 21
Which connectors can you use for the FortiEDR automated incident response? (Choose two.)

A. FortiNAC
B. FortiSandbox
C. FortiGate
D. FortiSiem

正解: C,D

質問 22
Which FortiEDR component is required to find malicious files on the entire network of an organization?

A. FortiEDR Core
B. FortiEDR Threat Hunting Repository
C. FortiEDR Central Manager
D. FortiEDR Aggregator

正解: D

質問 23
Refer to the exhibit.

Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.)