Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Fortinet
  3. NSE5_EDR-5.0

Fortinet NSE5_EDR-5.0 Exam (page: 1)
Fortinet NSE 5 - FortiEDR 5.0
Updated on: 25-Sep-2025

Viewing Page 1 of 10
NSE5_EDR-5.0 PDF 44 Questions

What is the purpose of the Threat Hunting feature?

  1. Delete any file from any collector in the organization
  2. Find and delete all instances of a known malicious file or hash in the organization
  3. Identify all instances of a known malicious file or hash and notify affected users
  4. Execute playbooks to isolate affected collectors in the organization

Answer(s): C



How does FortiEDR implement post-infection protection?

  1. By preventing data exfiltration or encryption even after a breach occurs
  2. By using methods used by traditional EDR
  3. By insurance against ransomware
  4. By real-time filtering to prevent malware from executing

Answer(s): A


Reference:

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortiedr.pdf



Refer to the exhibit.



Based on the forensics data shown in the exhibit which two statements are true? (Choose two.)

  1. The device cannot be remediated
  2. The event was blocked because the certificate is unsigned
  3. Device C8092231196 has been isolated
  4. The execution prevention policy has blocked this event.

Answer(s): B,C



What is the benefit of using file hash along with the file name in a threat hunting repository search?

  1. It helps to make sure the hash is really a malware
  2. It helps to check the malware even if the malware variant uses a different file name
  3. It helps to find if some instances of the hash are actually associated with a different file
  4. It helps locate a file as threat hunting only allows hash search

Answer(s): B



Refer to the exhibit.



Based on the event shown in the exhibit which two statements about the event are true? (Choose two.)

  1. The device is moved to isolation.
  2. Playbooks is configured for this event.
  3. The event has been blocked
  4. The policy is in simulation mode

Answer(s): B,D



Viewing Page 1 of 10



Share your comments for Fortinet NSE5_EDR-5.0 exam with other users:

CiscoStudent 11/15/2023 5:29:00 AM

in question 272 the right answer states that an autonomous acces point is "configured and managed by the wlc" but this is not what i have learned in my ccna course. is this a mistake? i understand that lightweight aps are managed by wlc while autonomous work as standalones on the wlan.
Anonymous


pankaj 9/28/2023 4:36:00 AM

it was helpful
Anonymous


User123 10/8/2023 9:59:00 AM

good question
UNITED STATES


vinay 9/4/2023 10:23:00 AM

really nice
Anonymous


Usman 8/28/2023 10:07:00 AM

please i need dumps for isc2 cybersecuity
Anonymous


Q44 7/30/2023 11:50:00 AM

ans is coldline i think
UNITED STATES


Anuj 12/21/2023 1:30:00 PM

very helpful
Anonymous


Giri 9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more
UNITED STATES


Aaron 2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.
SOUTH AFRICA


Sarwar 12/21/2023 4:54:00 PM

how i can see exam questions?
CANADA


Chengchaone 9/11/2023 10:22:00 AM

can you please upload please?
Anonymous


Mouli 9/2/2023 7:02:00 AM

question 75: option c is correct answer
Anonymous


JugHead 9/27/2023 2:40:00 PM

please add this exam
Anonymous


sushant 6/28/2023 4:38:00 AM

please upoad
EUROPEAN UNION


John 8/7/2023 12:09:00 AM

has anyone recently attended safe 6.0 certification? is it the samq question from here.
Anonymous


Blessious Phiri 8/14/2023 3:49:00 PM

expository experience
Anonymous


concerned citizen 12/29/2023 11:31:00 AM

52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.
UNITED STATES


deedee 12/23/2023 5:10:00 PM

great help!!!
UNITED STATES


Samir 8/1/2023 3:07:00 PM

very useful tools
UNITED STATES


Saeed 11/7/2023 3:14:00 AM

looks a good platform to prepare az-104
Anonymous


Matiullah 6/24/2023 7:37:00 AM

want to pass the exam
Anonymous


SN 9/5/2023 2:25:00 PM

good resource
UNITED STATES


Zoubeyr 9/8/2023 5:56:00 AM

question 11 : d
FRANCE


User 8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.
Anonymous


CW 7/6/2023 7:37:00 PM

good questions. thanks.
Anonymous


Farooqi 11/21/2023 1:37:00 AM

good for practice.
INDIA


Isaac 10/28/2023 2:30:00 PM

great case study
UNITED STATES


Malviya 2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.
INDIA


rsmyth 5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk
IRELAND


Keny 6/23/2023 9:00:00 PM

thanks, very relevant
PERU


Muhammad Rawish Siddiqui 11/29/2023 12:14:00 PM

wrong answer. it is true not false.
SAUDI ARABIA


Josh 7/10/2023 1:54:00 PM

please i need the mo-100 questions
Anonymous


VINNY 6/2/2023 11:59:00 AM

very good use full
Anonymous


Andy 12/6/2023 5:56:00 AM

very valid questions
Anonymous