Refer to the exhibit. The exhibit shows the forensics analysis of an event detected by the FortiEDR core. In this scenario, which statement is correct regarding the threat?
A. This is an exfiltration attack and has been stopped by FortiEDR
B. This is an exfiltration attack and has not been stopped by FortiEDR
C. This is a ransomware attack and has not been stopped by FortiEDR
D. This is a ransomware attack and has been stopped by FortiEDR
A, D not correct, because this is Simulated Block, and the "block fortinet" is gray.
I would go with C
https://docs.fortinet.com/document/fortiedr/6.0.0/administration-guide/28226/flow-analyzer-view
C is the correct answer!
The last rightmost node logo is a file, meaning it is a ransomware attack, and the Block Fortinet logo is grey (not red), meaning it is a simulated block... the attack was not stopped
B is correct
The exhibit also shows that the attack is using the Cobalt Strike beacon. Cobalt Strike is a penetration testing tool that can be used for both legitimate and malicious purposes. In this case, the Cobalt Strike beacon is being used to exfiltrate files from the device.
Pat1361, 10 months ago
ac89l, 1 year, 3 months ago
Golux, 1 year, 4 months ago
ama6, 1 year, 7 months ago
ama6, 1 year, 7 months ago
pplee_sh, 1 year, 8 months ago