Which two statements correctly describe the IoT probing process on FortiEDR? (Choose two.)
What action does an on-premises reputation server take when it receives a hash request that is not found in its local database?
A collector triggers a suspicious security incident that is initially flagged as potentially malicious.
The environment is connected to the FortiEDR Cloud Service (FCS) for classification.
How does FCS process the event for accurate classification?
An employee leaves the company and no longer has access to the FortiEDR system. You must ensure GDPR compliance regarding the employee’s personal data stored in FortiEDR.
Which two data types must be removed to meet GDPR requirements? (Choose two.)
Refer to the exhibit.

You are asked to block applications based on hash attributes.
Which two factors must you consider when applying the hash value? (Choose two.)
You find third-party software on a user’s computer that does not appear in the application list on the communication control console.
Which two statements are true about this situation? (Choose two.)
A company requires a global exception for a FortiEDR multi-tenant environment.
Which recommendation must you make?
Refer to the exhibit.

You configured an execution prevention exclusion with both File Name = app.exe and Path = C:\Tools.
What will FortiEDR do?
DRAG DROP -
When implementing an application block policy in FortiEDR, which three actions, in order, reflect the correct operational sequence?
Select an action in the left column and hold and drag it to a blank position in the column on the right. Place the three correct actions in order, starting with the first action at the top of the column. After you place an action, you can move it again if you want to change your answer before proceeding to the next question. You must drop three actions in the work area.
Select and drag the screen divider to change the viewable area of the source and work areas.

Refer to the exhibit.

An event exception is shown.
Which two statements about the exception are true? (Choose two.)
You added three new applications to FortiEDR using only the Path attribute.
What are two expected outcomes of this configuration? (Choose two.)
Refer to the exhibit.

Based on the exhibit, which statement about this threat hunting query is true?
Refer to the exhibits.


The application policy logs and application details are shown. Collector C8092231196 is a member of the Finance group.
In this scenario, what must you do to block the FileZilla application?
Refer to the exhibit.

A FortiEDR analyst is prioritizing response efforts.
One application has a vulnerability score of Critical but an Unknown ACI rating, while another has a Medium vulnerability score with active ACI evidence of adversary targeting.
Which application must be addressed first?