View all questions & answers for the NSE 6 - FortiEDR 7.0 Administrator Exam Materials exam


NSE 6 - FortiEDR 7.0 Administrator Exam Materials-Question 25 Discussion
Comment Image Comment Image Comment Image

Refer to the Exhibit: Based on the incident details shown in the exhibit, which two statements about this incident are true? (Choose two answers)

  • A. The destination IP address is blocked by FortiGate.
  • B. The incident occurred on only one device.
  • C. The incident is classified by the FortiEDR Core.
  • D. The incident has already been fully handled.
Correct Answer: A,C

Brave-Dump Clients Votes

AB 50%
AC 50%

Comments



Anonymous User 2026-04-30 15:19:06

Selected Answers: A, B


AB
A is true because the exhibit shows that the IP address (74.125.235.20) is classified as malicious and has been added to the FortiGate firewall as a blocked address.
B is true because the incident is shown for only one device, cwinserv-32, which is the only device listed under the Device column.

Anonymous User 2026-05-18 23:59:45

Selected Answers: A, C


• The exhibit shows that the IP address was added to FortiGATE malicious Ips
• There are two devices shown in the exhibit not one (cwinserv32 and cwinserv32+2) so it didn't occur on only one device
• The classification changed by Fortinet which means FortiEDR core
• The incident status is unhandled