View all questions & answers for the NSE 6 - FortiEDR 7.0 Administrator Exam Materials exam


NSE 6 - FortiEDR 7.0 Administrator Exam Materials-Question 6 Discussion
Comment Image Comment Image Comment Image

Refer to the Exhibit: Based on the event shown in the exhibit, which two statements about the event are true? (Choose two answers)

  • A. Playbooks are configured for this event.
  • B. The policy is in simulation mode.
  • C. The device is moved to isolation.
  • D. The event has been blocked.
Correct Answer: A,C

Brave-Dump Clients Votes

AC 100%

Comments



Brave-Dumps.com Admin 2026-04-19 22:22:27

Selected Answers: A, C


Explanation — Why this answer?

The exhibit shows that the device R2D2-kvm63 was moved from the “Training” group to the “High Security Collector Group” in FortiEDR.

This movement represents an isolation action triggered by a playbook.

The triggered rule “Training-eXtended Detection” confirms that a playbook was executed.

Moving the device to a High Security group is a form of isolation, not an event blocking action.

Anonymous User 2026-05-18 23:35:11

Selected Answers: A, C


• An action has been done (History) which means that there is a playbook configured
• It is not a simulation policy because simulation policy does not do any type of action they notify only
• No blocking happened in history the device has been moved toa different group and the extended Detction policies do not perform any blocking actions since it does not engage directly with collector
• By elimination the only response left is that the device has been oved to isolation but there is not clear indication of it. (VERIFY THIS ANSWER)