Fortinet nse5-fct-6-2 practice test
Fortinet NSE 5 - FortiClient EMS 6.2 Exam
Question 1
Which three types of antivirus scans are available on FortiClient? (Choose three )
- A. Proxy scan
- B. Full scan
- C. Custom scan
- D. Flow scan
- E. Quick scan
Answer:
B, C, E
Question 2
Which network component sends a notification after identifying a connected endpoint in the
quarantine automation process?
- A. FortiGate
- B. FortiClient
- C. FortiClient EMS
- D. FortiAnalyzer
Answer:
B
Question 3
An administrator installs FortiClient on Windows Server.
What is the default behavior of real-time protection control?
- A. Real-time protection must update AV signature database
- B. Real-time protection sends malicious files to FortiSandbox when the file is not detected locally
- C. Real-time protection is disabled
- D. Real-time protection must update the signature database from FortiSandbox
Answer:
C
Question 4
Refer to the exhibit.
Based on the FortiClient logs shown in the exhibit which application is blocked by the application
firewall?
- A. Twitter
- B. Facebook
- C. Internet Explorer
- D. Firefox
Answer:
D
Question 5
Refer to the exhibit.
Based on the settings shown in the exhibit what action will FortiClient take when users try to access
www facebook com?
- A. FortiClient will allow access to Facebook.
- B. FortiClient will block access to Facebook and its subdomains
- C. FortiClient will prompt a warning message to warn the user before they can access the Facebook website
- D. FortiClient will allow access to Facebook and log user's web access.
Answer:
A
Question 6
When site categories are disabled on FortiClient webfilter and AV (malicious websites), which feature
protects the endpoint?
- A. Web Exclusion list
- B. Endpoint host file
- C. FortiSandbox URL list
- D. Block malicious websites on Antivirus
Answer:
A
Question 7
Refer to the exhibit.
Based on the settings shown in the exhibit which statement about FortiClient behavior is true?
- A. FortiClient quarantines infected files and reviews later, after scanning them.
- B. FortiClient blocks and deletes infected files after scanning them.
- C. FortiClient scans infected files when the user copies files to the Resources folder
- D. FortiClient copies infected files to the Resources folder without scanning them.
Answer:
A
Question 8
Which statement about FortiClient enterprise management server is true?
- A. It provides centralized management of FortiGate devices.
- B. lt provides centralized management of multiple endpoints running FortiClient software.
- C. It provides centralized management of FortiClient Android endpoints only.
- D. It provides centralized management of Chromebooks running real-time protection
Answer:
B
Question 9
Refer to the exhibit.
Based on the settings shown in the exhibit, which two actions must the administrator take to make
the endpoint compliant? (Choose two)
- A. Integrate FortiSandbox for infected file analysis.
- B. Enable the webfilter profile
- C. Patch applications that have vulnerability rated as high or above.
- D. Run Calculator application on the endpoint.
Answer:
C, D
Question 10
An administrator is required to maintain a software inventory on the endpoints. without showing the
feature on the FortiClient dashboard What must the administrator do to achieve this requirement?
- A. The administrator must use default endpoint profile
- B. The administrator must not select the vulnerability scan feature in the deployment package.
- C. The administrator must select the vulnerability scan feature in the deployment package, but disable the feature on the endpoint profile
- D. The administrator must click the hide icon on the vulnerability scan tab
Answer:
C
Question 11
What is the function of the quick scan option on FortiClient?
- A. It performs a full system scan including all files, executable files, DLLs, and drivers for threats.
- B. It scans executable files. DLLs, and drivers that are currently running, for threats.
- C. It allows users to select a specific file folder on your local hard disk drive (HDD), to scan for threats
- D. It scans programs and drivers that are currently running for threats
Answer:
D
Question 12
Which three features does FortiClient endpoint security include? (Choose three )
- A. L2TP
- B. Real-time protection
- C. DLP
- D. Vulnerability management
- E. IPsec
Answer:
B, D, E
Question 13
Refer to the exhibit.
Based on the FortiClient logs shown in the exhibit which endpoint profile policy is currently applied
to the FortiClient endpoint from the EMS server?
- A. WIK-EKVK3EA3S71
- B. Fortinet-Training
- C. Default
- D. Default configuration policy
Answer:
C
Question 14
What action does FortiClient anti-exploit detection take when it detects exploits?
- A. Terminates the compromised application process
- B. Patches the compromised application process
- C. Blocks memory allocation to the compromised application process
- D. Deletes the compromised application process
Answer:
A
Question 15
What does FortiClient do as a fabric agent? (Choose two )
- A. Provides application inventory
- B. Provides IOC verdicts
- C. Automates Responses
- D. Creates dynamic policies
Answer:
B, D