NSE5_FCT-6.2 Exam

Based on the CLI output from FortiGate. which statement is true?. A. FortiGate is configured to pull user groups from FortiClient EMS. B. FortiGate is configured with local user group. C. FortiGate is configured to pull user groups from FortiAuthenticator. D. FortiGate is configured to pull user groups from AD Server.

Based on the settings shown in the exhibit what action will FortiClient take when it detects that a user is trying to download an infected file?. A. Blocks the infected files as it is downloading. B. Quarantines the infected files and logs all access attempts. C. Sends the infected file to FortiGuard for analysis. D. Allows the infected file to download without scan.

Based on the logs shown in the exhibit, why did FortiClient EMS fail to install FortiClient on the endpoint?. A. Windows firewall is not running. B. Windows installer service is not running. C. Remote registry service is not running. D. Task scheduler service is not running.

An administrator installs FortiClient EMS in the enterprise. Which component is responsible for enforcing endpoint protection in managed mode?. A. FortiClient. B. FortiClient vulnerability scan. C. FortiClient EMS. D. FortiClient EMS database.

An administrator deploys a FortiClient installation through the Microsoft AD group policy After installation is complete all the custom configuration is missing. What could have caused this problem?. A. The FortiClient exe file is included in the distribution package. B. The FortiClient MST file is missing from the distribution package. C. FortiClient does not have permission to access the distribution package. D. The FortiClient package is not assigned to the group.

Based on the FortiGate Security Fabric settings shown in the exhibits, what must an administrator do on the EMS server to successfully quarantine an endpoint. when it is detected as a compromised host (loC)?. A. The administrator must enable remote HTTPS access to EMS. B. The administrator must enable FQDN on EMS. C. The administrator must authorize FortiGate on FortiAnalyzer. D. The administrator must enable SSH access to EMS.

Which statement about FortiClient comprehensive endpoint protection is true?. A. It helps to safeguard systems from email spam. B. It helps to safeguard systems from data loss. C. It helps to safeguard systems from DDoS. D. lt helps to safeguard systems from advanced security threats, such as malware.

Based on the Security Fabric automation settings, what action will be taken on compromised endpoints?. A. Endpoints will be quarantined through EMS. B. Endpoints will be banned on FortiGate. C. An email notification will be sent for compromised endpoints. D. Endpoints will be quarantined through FortiSwitch.

In a FortiSandbox integration, what does the remediation option do?. A. Wait for FortiSandbox results before allowing files. B. Exclude specified files. C. Alert and notify only. D. Deny access to a file when it sees no results.

Which component can the EMS administrator use to manage the FortiClient web filter extension installed on the Google Chromebook endpoint?. A. FortiClient customer URL list. B. FortiClient web filter extension. C. FortiClient EMS. D. FortiClient site categories.

Which two VPN types can a FortiClient endpoint user inmate from the Windows command prompt? (Choose two). A. L2TP. B. PPTP. C. IPSec. D. SSL VPN.

A FortiClient EMS administrator has enabled compliance rule for the sales department Which Fortmet device will enforce compliance with dynamic access control?. A. FortiClient EMS. B. FortiAnalyzer. C. FortiGate. D. FortiClient.

A. An administrator has restored the modified XML configuration file to FortiClient and sees the error shown in the exhibit. B. Based on the XML settings shown in the exhibit, what must the administrator do to resolve the issue with the XML configuration file?. C. The administrator must resolve the XML syntax error. The administrator must use a password to decrypt the file The administrator must change the file size. D. The administrator must save the file as FortiClient-config conf.

Which two third-party tools can an administrator use to deploy FortiClient? (Choose two ). A. Microsoft SCCM. B. Microsoft Active Directory GPO. C. MSI Editor. D. Microsoft Windows Installer.

Based on the FortiClient log details shown in the exhibit, which two statements are true? (Choose two). A. The file status is Quarantined. B. The file location is \??\D: \Users. C. The filename IS Unconfirmed 399290-crdownload. D. The filename is sent to FortiSandbox for further inspection.

What does FortiClient do as a fabric agent? (Choose two ). A. Provides application inventory. B. Provides IOC verdicts. C. Automates Responses. D. Creates dynamic policies.

What action does FortiClient anti-exploit detection take when it detects exploits?. A. Terminates the compromised application process. B. Patches the compromised application process. C. Blocks memory allocation to the compromised application process. D. Deletes the compromised application process.

Based on the FortiClient logs shown in the exhibit which endpoint profile policy is currently applied to the FortiClient endpoint from the EMS server?. A. WIK-EKVK3EA3S71. B. Fortinet-Training. C. Default. D. Default configuration policy.

Which three features does FortiClient endpoint security include? (Choose three ). A. L2TP. B. Real-time protection. C. DLP. D. Vulnerability management. E. IPsec.

What is the function of the quick scan option on FortiClient?. A. It performs a full system scan including all files, executable files, DLLs, and drivers for threats. B. It scans executable files. DLLs, and drivers that are currently running, for threats. C. It allows users to select a specific file folder on your local hard disk drive (HDD), to scan for threats. D. It scans programs and drivers that are currently running for threats.

An administrator is required to maintain a software inventory on the endpoints. without showing the feature on the FortiClient dashboard What must the administrator do to achieve this requirement?. A. The administrator must use default endpoint profile. B. The administrator must not select the vulnerability scan feature in the deployment package. C. The administrator must select the vulnerability scan feature in the deployment package, but disable the feature on the endpoint profile. D. The administrator must click the hide icon on the vulnerability scan tab.

Based on the settings shown in the exhibit, which two actions must the administrator take to make the endpoint compliant? (Choose two). A. Integrate FortiSandbox for infected file analysis. B. Enable the webfilter profile. C. Patch applications that have vulnerability rated as high or above. D. Run Calculator application on the endpoint.

Which statement about FortiClient enterprise management server is true?. A. It provides centralized management of FortiGate devices. B. lt provides centralized management of multiple endpoints running FortiClient software. C. It provides centralized management of FortiClient Android endpoints only. D. It provides centralized management of Chromebooks running real-time protection.

Based on the settings shown in the exhibit which statement about FortiClient behavior is true?. A. FortiClient quarantines infected files and reviews later, after scanning them. B. FortiClient blocks and deletes infected files after scanning them. C. FortiClient scans infected files when the user copies files to the Resources folder. D. FortiClient copies infected files to the Resources folder without scanning them.

When site categories are disabled on FortiClient webfilter and AV (malicious websites), which feature protects the endpoint?. A. Web Exclusion list. B. Endpoint host file. C. FortiSandbox URL list. D. Block malicious websites on Antivirus.

Based on the settings shown in the exhibit what action will FortiClient take when users try to access www facebook com?. A. FortiClient will allow access to Facebook. B. FortiClient will block access to Facebook and its subdomains. C. FortiClient will prompt a warning message to warn the user before they can access the Facebook website. D. FortiClient will allow access to Facebook and log user's web access.

Based on the FortiClient logs shown in the exhibit which application is blocked by the application firewall?. A. Twitter. B. Facebook. C. Internet Explorer. D. Firefox.

An administrator installs FortiClient on Windows Server. What is the default behavior of real-time protection control?. A. Real-time protection must update AV signature database. B. Real-time protection sends malicious files to FortiSandbox when the file is not detected locally. C. Real-time protection is disabled. D. Real-time protection must update the signature database from FortiSandbox.

Which network component sends a notification after identifying a connected endpoint in the quarantine automation process?. A. FortiGate. B. FortiClient. C. FortiClient EMS. D. FortiAnalyzer.

Which three types of antivirus scans are available on FortiClient? (Choose three ). A. Proxy scan. B. Full scan. C. Custom scan. D. Flow scan. E. Quick scan.