NSE7_ATP-2.5 Online Practice Questions and Answers
Examine the FortiGate antivirus logs shown in the exhibit, than answer the following question:
Based on the logs shown, which of the following statements is correct? (Choose two.)
A. The fsa_dropper.exe file was blocked using a local black list entry.
B. The fsa_sample_1.exe file was not sent to FortiSandbox.
C. The eicar.exe file was blocked using a FortiGiard generated signature.
D. The fsa_downloader.exe file was not blocked by FortiGate.
At which stage of the kill chain will an attacker use tools, such as nmap, ARIN, and banner grabbing, on the targeted organization's network?
A. Exploitation
B. Reconnaissance
C. Lateral movement
D. Weaponization
FortiGate root VDOM is authorized and configured to send suspicious files to FortiSandbox for inspection. The administrator creates a new VDOM, and then generates some traffic so that the new VDOM sends a file to FortiSandbox for the first time.
Which of the following is true regarding this scenario?
A. FortiSandbox will accept the file, but not inspect it until the administrator manually configures the new VDOM on FortiSandbox.
B. FortiSandbox will inspect all files based on the root VDOM authorization state and configuration.
C. FortiSandbox will accept the file, but not inspect it until the administrator manually authorizes the new VDOM on FortiSandbox.
D. By default, FortiSandbox will autoauthorize the new VDOM, and inspect files as they are received.
Examine the System Information widget shown in the exhibit, then answer the following question:
Which of the following inspections will FortiSandbox perform on samples submitted for sandboxing? (Choose two.)
A. URL rating on FQDN seen in DNS requests
B. IP reputation check on callback connections
C. Antivirus inspection on downloaded files
D. URL rating on HTTP GET requests
Which of the kill chain stages does Fortinet's advanced threat protection solution block? (Choose three.)
A. Command and control
B. Delivery
C. Reconnaissance
D. Lateral movement
E. Weaponization
Which of the advanced threat protection solutions should you use to protect against an attacker may take during the lateral movement stage of the kill chain? (Choose two.)
A. FortiClient and FortiSandbox
B. FortiMail and FortiSandbox
C. FortiGate and FortiSandbox
D. FortiWeb and FortiSandbox
Which of the following scan job report sections are generated by static analysis? (Choose two.)
A. Office Behaviors
B. Launched Processes
C. Registry Changes
D. Virtual Simulator
Examine the CLI configuration, than answer the following question:
Which of the following statements is true regarding this FortiMail's inspection behavior?
A. Malicious URLs will be removed by antispam and replaced with a message.
B. Suspicious files not detected by antivirus will be inspected by FortiSandbox.
C. Known malicious URLs will be inspected by FortiSandbox.
D. Files are skipped by content profile will be inspected by FortiSandbox.
Which FortiWeb feature supports file submission to FortiSandbox?
A. Attack signature
B. Credential stuffing defense
C. IP reputation
D. File security
Examine the scan job report shown in the exhibit, then answer the following question: Which of the following statements are true regarding this verdict? (Choose two.)
A. The file contained malicious JavaScipt.
B. The file contained a malicious macro.
C. The file was sandboxed in two-guest VMs.
D. The file was extracted using sniffer-mode inspection.