Marisco El que lo lea 3

What is the purpose of the Threat Hunting feature?. Delete any file from any collector in the organization. Find and delete all instances of a known malicious file or hash in the organization. Identify all instances of a known malicious file or hash and notify affected users. Execute playbooks to isolate affected collectors in the organization.

How does FortiEDR implement post-infection protection?. By preventing data exfiltration or encryption even after a breach occurs. By using methods used by traditional EDR. By insurance against ransomware. By real-time filtering to prevent malware from executing.

Based on the forensics data shown in the exhibit which two statements are true? (Choose two). The device cannot be remediated. The event was blocked because the certificate is unsigned. Device C8092231196 has been isolated. The execution prevention policy has blocked this event.

What is the benefit of using file hash along with the file name in a threat hunting repository search?. It helps to make sure the hash is really a malware. It helps to check the malware even if the malware variant uses a different file name. It helps to find if some instances of the hash are actually associated with a different file. It helps locate a file as threat hunting only allows hash search.

Based on the event shown in the exhibit which two statements about the event are true? (Choose two.). The device is moved to isolation. Playbooks is configured for this event. The event has been blocked. The policy is in simulation mode.

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account. What role should the administrator assign to this account?. Admin. User. Local Admin. REST API.

Based on the event shown in the exhibit, which two statements about the event are true? (Choose two.). The NGAV policy has blocked TestApplication exe. TestApplication.exe is sophisticated malware. The user was able to launch TestApplication exe. FCS classified the event as malicious.

The exhibits show the collector state and active connections. The collector is unable to connect to aggregator IP address 10.160.6.100 using default port. Based on the netstat command output what must you do to resolve the connectivity issue?. Reinstall collector agent and use port 443. Reinstall collector agent and use port 8081. Reinstall collector agent and use port 555. Reinstall collector agent and use port 6514.

The exhibits show application policy logs and application details Collector C8092231196 is a member of the Finance group What must an administrator do to block the FileZilia application?. Deny application in Finance policy. Assign Finance policy to DBA group. Assign Finance policy to Default Collector Group. Assign Simulation Communication Control Policy to DBA group.

Based on the threat hunting query shown in the exhibit which of the following is true?. RDP connections will be blocked and classified as suspicious. A security event will be triggered when the device attempts a RDP connection. his query is included in other organizations. The query will only check for network category.

Which connectors can you use for the FortiEDR automated incident response? (Choose two.). FortiNAC. FortiGate. FortiSiem. FortiSandbox.

What is true about classifications assigned by Fortinet Cloud Sen/ice (FCS)?. The core is responsible for all classifications if FCS playbooks are disabled. The core only assigns a classification if FCS is not available. FCS revises the classification of the core based on its database. FCS is responsible for all classifications.

Based on the FortiEDR status output shown in the exhibit, which two statements about the FortiEDR collector are true? (Choose two.). The collector device has windows firewall enabled. The collector has been installed with an incorrect port number. The collector has been installed with an incorrect registration password. The collector device cannot reach the central manage.

A company requires a global communication policy for a FortiEDR multi-tenant environment. How can the administrator achieve this?. An administrator creates a new communication control policy and shares it with other organizations. A local administrator creates new a communication control policy and shares it with other organizations. A local administrator creates a new communication control policy and assigns it globally to all organizations. An administrator creates a new communication control policy for each organization.

Based on the event exception shown in the exhibit which two statements about the exception are true? (Choose two). A partial exception is applied to this event. FCS playbooks is enabled by Fortinet support. he exception is applied only on device C8092231196. The system owner can modify the trigger rules parameters.

Which two statements are true about the remediation function in the threat hunting module? (Choose two.). The file is removed from the affected collectors. The threat hunting module sends the user a notification to delete the file. The file is quarantined. the threat hunting module deletes files from collectors that are currently online.

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.). An exception has been created for this event. The forensics data is displayed in the stacks view. The device has been isolated. the exfiltration prevention policy has blocked this event.

The FortiEDR axe classified an event as inconclusive, out a few seconds later FCS revised the classification to malicious. What playbook actions ate applied to the event?. Playbook actions applied to inconclusive events. Playbook actions applied to handled events. Playbook actions applied to suspicious events. Playbook actions applied to malicious events.

Which threat hunting profile is the most resource intensive?. Comprehensive. Inventory. Default. Standard Collection.

Which two types of remote authentication does the FortiEDR management console support? (Choose two.). Radius. SAML. TACACS. LDAP.

FortiXDR relies on which feature as part of its automated extended response?. Playbooks. Security Policies. Forensic. Communication Control.

Based on the postman output shown in the exhibit why is the user getting an unauthorized error?. The user has been assigned Admin and Rest API roles. FortiEDR requires a password reset the first time a user logs in. Postman cannot reach the central manager. API access is disabled on the central manager.

What is the role of a collector in the communication control policy?. A collector blocks unsafe applications from running. A collector is used to change the reputation score of any application that collector runs. A collector records applications that communicate externally. A collector can quarantine unsafe applications from communicating.

Based on the threat hunting event details shown in the exhibit, which two statements about the event are true? (Choose two.). The PING EXE process was blocked. The user fortinet has executed a ping command. The activity event is associated with the file action. There are no MITRE details available for this event.

An administrator finds a third party free software on a user's computer mat does not appear in me application list in the communication control console Which two statements are true about this situation? (Choose two). The application is allowed in all communication control policies. The application is ignored as the reputation score is acceptable by the security policy. The application has not made any connection attempts. The application is blocked by the security policies.

A FortiEDR security event is causing a performance issue with a third-parry application. What must you do first about the event?. Contact Fortinet support. Terminate the process and uninstall the third-party application. Immediately create an exception. Investigate the event to verify whether or not the application is safe.

Which scripting language is supported by the FortiEDR action managed?. TCL. Python. Perl. Bash.

Which FortiEDR component is required to find malicious files on the entire network of an organization?. FortiEDR Aggregator. FortiEDR Central Manager. FortiEDR Threat Hunting Repository. FortiEDR Core.

Which two statements about the FortiEDR solution are true? (Choose two.). It provides pre-infection and post-infection protection. It is Windows OS only. It provides central management. t provides pant-to-point protection.

Which FortiEDR component must have JumpBox functionality to connect with FortiAnalyzer?. Collector. Core. Central manager. Aggregator.

What is true about the Payroll Manager.exe event?. An event has not been handled by a console admin. An event has been deleted. A rule assigned action is set to block but the policy is in simulation mode. An event has been handled by the communication control policy.

How does the FortiEDR approach compare to the traditional EDR? (Choose two.). FortiEDR blocks threats in real time, eliminating the response gap. Traditional EDR is faster. There is no difference in response time. FortiEDR requires less staff.

Which three steps does FortiXDR perform to find and prevent cyberattacks? (Choose three.). Extended analysis. Extended detection. Extended discovery. Extended investigation. Extended response.

Which two criteria are requirements of integrating FortiEDR into the Fortinet Security Fabric? (Choose two.). Core with Core only functionality. A Forensics add-on license. Central Manager connected to FCS. A valid API user with access to connectors.

Which statement is true about the flow analyzer view in forensics?. It displays a graphic flow diagram. Two events can be compared side-by-side. It shows details about processes and sub processes. The stack memory of a specific device can be retrieved.

When installing a FortiEDR collector, why is a ‘Registration Password’ for collectors needed?. To restrict installation and uninstallation of collectors. To verify Fortinet support request. To restrict access to the management console. To verify new group assignment.

Which two types of traffic are allowed while the device is in isolation mode? (Choose two.). Outgoing SSH connections. HTTP sessions. ICMP sessions. Incoming RDP connections.

A company requires a global exception for a FortiEDR multi-tenant environment How can the administrator achieve this?. The local administrator can create a new exception and share it with other organizations. A user account can create a new exception and share it with other organizations. The administrator can create a new exception and assign it globally to all organizations. The administrator can create a new exception policy for each organization hosted on FortiEDR.

An administrator finds that a newly installed collector does not display on the INVENTORY tab in the central manager. What two troubleshooting steps must the administrator perform? (Choose two.). Export the collector logs from the central manager. Verify the central manager has connectivity to FCS. Verify TCP ports 8081 and 555 are open. Check if the FortiEDR services are running on the collector device.

Which two events can trigger FortiEDR NGAV policy violations? (Choose two.). When a malicious file attempts to communicate externally. When a malicious file is executed. When a malicious file is read. When a malicious file attempts to access data.

Which security policy has all of its rules disabled by default?. Device Control. Ransomware Prevention. Execution Prevention. Exfiltration Prevention.