A. False. NGAV is execution prevention.
https://docs.fortinet.com/document/fortiedr/5.2.1/administration-guide/354083/introducing-fortiedr
B. False. It should say "by FortinetCloudServices"
C. True. Mostly because A & B are false.
D. True. Exfiltration happens after execution.
The file was executed. As you can see in the screenshot, the Exfiltration Policy was invoked; therefore this policy is invoked in the post-infection phase of the EDR protection method. So if it is in the post-infection phase, then NGAV was not capable of blocking the execution of the file.
The correct answer is C and D.
A similar scenario is available in the FortiEDR Lab Guide, page 38:
"Stop and think!
Why wasn’t the process caught by the Execution Prevention policy like you saw earlier? Because, in some
cases, with brand new or very sophisticated malware, NGAV cannot detect the attack. This is when the
post-infection prevention policies really shine. An unrecognized malicious program may occasionally be
allowed to launch, but FortiEDR will stop it before it is able to cause harm."
A. TRUE. NGAV is execution prevention. "This blocks the execution of files that are identified as malicious or suspected to be malicious." I find this in the link:
https://docs.fortinet.com/document/fortiedr/5.2.1/administration-guide/354083/introducing-fortiedr
B. False. It should say "by FortinetCloudServices"
C. True.
D. FALSE. The NGAV will block it
Agent1994 (Highly Voted), 1 year, 12 months ago
Chogi_, 1 year, 11 months ago
rac_sp (Most Recent), 1 year ago
Latrel, 1 year, 2 months ago
thinasci01, 1 year, 4 months ago
joeytrib, 1 year, 7 months ago
thommy88, 1 year, 8 months ago
BrunoLu, 1 year, 10 months ago
BrunoLu, 1 year, 10 months ago
headhunter24, 2 years ago