View all questions & answers for the NSE 6 - FortiEDR 7.0 Administrator Exam Materials exam


NSE 6 - FortiEDR 7.0 Administrator Exam Materials-Question 13 Discussion

Refer to the exhibits. What happens when the net user command runs on an endpoint? (Choose one answer)

  • A. It triggers an immediate endpoint alert.
  • B. It blocks CLI commands by default.
  • C. It triggers an incident when the query matches the target process (net.exe).
  • D. It triggers FortiEDR rules because the activity is not suspicious.
Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



Brave-Dumps.com Admin 2026-04-19 22:16:40

Selected Answers: C


Explanation — Why this answer?

The query is configured with Target.Process.Filename = “net.exe” as the matching criterion and a classification set to “Suspicious”, scheduled to run every 15 minutes in FortiEDR.

When net.exe is executed, the scheduled query detects the process and generates an incident classified as “Suspicious.”

By default, FortiEDR does not block CLI commands, so the action results in detection and alerting, not prevention.