ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE5_EDR-5.0 All Questions

View all questions & answers for the NSE5_EDR-5.0 exam
Go to Exam

Exam NSE5_EDR-5.0 topic 1 question 2 discussion

Actual exam question from Fortinet's NSE5_EDR-5.0
Question #: 2
Topic #: 1
[All NSE5_EDR-5.0 Questions]

Based on the forensics data shown in the exhibit, which two statements are true? (Choose two.)

  • A. The device cannot be remediated.
  • B. The execution prevention policy has blocked this event.
  • C. The event was blocked because the certificate is unsigned.
  • D. Device C8092231196 has been isolated.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by fontabest99 at Dec. 28, 2022, 5:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Latrel
1 month, 4 weeks ago
A & B Remediate Button is Greyed out and execution prevention policie block. This questions is avaliable on the FortiEDR Lab Guide pag 32
upvoted 2 times
...
thinasci01
3 months, 3 weeks ago
the correct answer is A and B.
upvoted 1 times
...
yonandres
10 months ago
Selected Answer: AB
A & B are the answer
upvoted 2 times
...
Computerhigh
1 year ago
A and B are the correct Answers If you look the Remediate Button is Greyed out so it cannot be remediated You also don't see the Icon for Isolation so the Collector is not isolated Unsigned Certificates don't necessarily trigger an action. Hard to see from the picture but the malicious action was taken during the execution phase , and the red block icon is visible
upvoted 4 times
...
fontabest99
1 year ago
Selected Answer: AB
they are the real answer
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago