NSE5_EDR-5.0 Online Practice Questions and Answers

Questions 4

Which threat hunting profile is the most resource intensive?

A. Comprehensive

B. Inventory

C. Default

D. Standard Collection

Questions 5

A company requires a global communication policy for a FortiEDR multi-tenant environment.

How can the administrator achieve this?

A. An administrator creates a new communication control policy and shares it with other organizations

B. A local administrator creates a new communication control policy and shares it with other organizations

C. A local administrator creates a new communication control policy and assigns it globally to all organizations

D. An administrator creates a new communication control policy for each organization

Questions 6

What is the purpose of the Threat Hunting feature?

A. Delete any file from any collector in the organization

B. Find and delete all instances of a known malicious file or hash in the organization

C. Identify all instances of a known malicious file or hash and notify affected users

D. Execute playbooks to isolate affected collectors in the organization

Questions 7

An administrator needs to restrict access to the ADMINISTRATION tab in the central manager for a specific account. What role should the administrator assign to this account?

A. Admin

B. User

C. Local Admin

D. REST API

Questions 8

Refer to the exhibit.

Based on the threat hunting query shown in the exhibit, which of the following is true?

A. RDP connections will be blocked and classified as suspicious

B. A security event will be triggered when the device attempts an RDP connection

C. This query is included in other organizations

D. The query will only check for network category

Questions 9

FortiXDR relies on which feature as part of its automated extended response?

A. Playbooks

B. Security Policies

C. Forensic

D. Communication Control

Questions 10

Which FortiEDR component must have JumpBox functionality to connect with FortiAnalyzer?

A. Collector

B. Core

C. Central manager

D. Aggregator

Questions 11

Which two criteria are requirements of integrating FortiEDR into the Fortinet Security Fabric? (Choose two.)

A. Core with Core only functionality

B. A Forensics add-on license

C. Central Manager connected to FCS

D. A valid API user with access to connectors

Questions 12

Refer to the exhibit.

The exhibit shows an event viewer.

What is true about the Payroll Manager.exe event?

A. An event has not been handled by a console admin

B. An event has been deleted

C. A rule assigned action is set to block but the policy is in simulation mode

D. An event has been handled by the communication control policy

Questions 13

Which two events can trigger FortiEDR NGAV policy violations? (Choose two.)

A. When a malicious file attempts to communicate externally

B. When a malicious file is executed

C. When a malicious file is read

D. When a malicious file attempts to access data

Exam Code: NSE5_EDR-5.0
Exam Name: Fortinet NSE 5 - FortiEDR 5.0
Questions: 41 Q&As