View all questions & answers for the NSE 6 - FortiEDR 7.0 Administrator Exam Materials exam


NSE 6 - FortiEDR 7.0 Administrator Exam Materials-Question 25 Discussion

Refer to the Exhibit: Based on the incident details shown in the exhibit, which two statements about this incident are true? (Choose two answers)

  • A. The destination IP address is blocked by FortiGate.
  • B. The incident occurred on only one device.
  • C. The incident is classified by the FortiEDR Core.
  • D. The incident has already been fully handled.
Correct Answer: A,C

Brave-Dump Clients Votes

AC 100%

Comments



Brave-Dumps.com Admin 2026-04-19 22:05:04

Selected Answers: A, C


Explanation — Why this answer?

The Audit log shows “IP 74.125.235.20 was added to malicious IP addresses on firewall FortiGate,” confirming that the block was performed by FortiGate.

The response action “Classification Changed To: Suspicious (By Fortinet)” is an action taken by the Core.

The status is “Unhandled,” meaning the incident has not been resolved. Additionally, the second event shows “cwinserv-32 +2,” indicating that multiple devices are affected.