

NSE 6 - FortiEDR 7.0 Administrator Exam Materials - Question 4 Discussion

Refer to the exhibit. Based on the exhibit, which statement about this threat hunting query is true? (Choose one answer)

  • A. A security incident will be generated whenever the device attempts an RDP connection.
  • B. The query is limited to detecting network activity and does not inspect process behavior.
  • C. The query is configured as a global hunting rule and is automatically visible across all organizations.
  • D. RDP connections will be automatically blocked and classified as suspicious.
Correct Answer: A

Brave-Dump Clients Votes

B 66.67%
A 33.33%

Comments



Anonymous User 2026-04-23 06:51:52

Selected Answers: B


The threat hunting query does not block nor create incidents. It is for investigations.


Anonymous User 2026-04-24 06:59:28

Selected Answers: B


B


Anonymous User 2026-05-18 23:33:10

Selected Answers: A


• Threat hunting queries are made for automated activity detection and they could be scheduled.
https://community.fortinet.com/t5/Blogs/How-Threat-hunters-Can-Create-Scheduled-Queries-and-Custom/ba-p/238197
• No action will be done in this query because there is not a playbook configured and associated with it (playbooks could be associated to do actions) = No blocking
https://community.fortinet.com/t5/FortiEDR/Technical-Tip-FortiEDR-threat-hunting-overview-and-best/ta-p/421672
• The “Custom Query” option is not selected which means it is not visible to all organizations.
Administration Guide FortiEDR 7.2.1, p. 139: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/50bc9e02-d6cb-11f0-8b43-d2943efe5b2f/FortiEDR-7.2.1-Administration_Guide.pdf