● NSE 6 - FortiEDR 7.0 Administrator Exam Materials
Dear valued clients, we would like to inform you that NSE 6 - FortiEDR 7.0 Administrator Dump (NSE6_EDR_AD-7.0 Dump) is currently available; however, it is still under monitoring to ensure full accuracy. You can proceed with the purchase, but do not take the exam until receiving our final confirmation that the material has reached full validation status. Thank you for your trust and understanding.
Question #1
Question #2
Which two Python commands are supported when using FortiEDR Connect to directly access a protected device shell? (Choose two answers)
- A. %upload_file
- B. %ipconfig_all
- C. %psexec
- D. %timestamp
Question #3
Refer to the Exhibit:
Based on the investigation view shown in the exhibit, which two statements about this event are true?
(Choose two answers)
- A. An exception was created for this incident.
- B. The exfiltration prevention policy blocked this event.
- C. The raw data is displayed in the stacks view.
- D. The device has been isolated.
Question #4
Refer to the exhibit.
Based on the exhibit, which statement about this threat hunting query is true?
(Choose one answer)
- A. A security incident will be generated whenever the device attempts an RDP connection.
- B. The query is limited to detecting network activity and does not inspect process behavior.
- C. The query is configured as a global hunting rule and is automatically visible across all organizations.
- D. RDP connections will be automatically blocked and classified as suspicious.
Question #5
Refer to the exhibit:
You configured an execution prevention exclusion with both File Name = app.exe and Path = C:\Tools.
What will FortiEDR do?
(Choose one answer)
- A. Exclude only signed versions of app.exe.
- B. Exclude only app.exe when it is running from C:\Tools.
- C. Exclude app.exe whenever it appears.
- D. Exclude all files in C:\Tools.
Question #6
Refer to the Exhibit:
Based on the event shown in the exhibit, which two statements about the event are true?
(Choose two answers)
- A. Playbooks are configured for this event.
- B. The policy is in simulation mode.
- C. The device is moved to isolation.
- D. The event has been blocked.
Question #7
What action does an on-premises reputation server take when it receives a hash request that is not found in its local database? (Choose one answer)
- A. Ignores them until manually updated
- B. Stores them locally and waits for endpoint input
- C. Requests the missing hashes from the cloud reputation service
- D. Automatically blocks applications with unknown hashes
Question #8
A collector attempts to access a known malicious website. FortiEDR is configured for eXtended detection with FortiAnalyzer.
What two roles does Fortinet Cloud Services (FCS) perform in this process?
(Choose two answers)
- A. FCS sends a log record to FortiAnalyzer.
- B. FCS sends OS metadata to the FortiEDR manager.
- C. FCS correlates and analyzes the collected logs.
- D. FCS identifies if a malicious event has taken place and reports the detection incident.
Question #9
A playbook is configured with two actions: terminate process and isolate device.
The terminate process action fails because the process is protected by Windows.
What is the expected behavior for the second action, isolate device?
(Choose one answer)
- A. The playbook execution pauses and requires administrator intervention.
- B. The playbook generates a notification email and execution stops.
- C. The playbook execution stops because the action fails.
- D. The playbook continues and executes the second action.
Question #10
Which two criteria are required for integrating FortiEDR with the Fortinet Security Fabric? (Choose two answers)
- A. Central manager connected to FCS
- B. A Forensics add-on license
- C. A valid API user with access to connectors
- D. Core with core-only functionality
Question #11
A collector triggers a suspicious security incident that is initially flagged as potentially malicious.
The environment is connected to the FortiEDR Cloud Service (FCS) for classification.
How does FCS process the event for accurate classification? (Choose one answer)