NSE7_ATP-2.5 Online Practice Questions and Answers

At which stage of the kill chain will an attacker use tools, such as nmap, ARIN, and banner grabbing, on the targeted organization's network?

A. Exploitation

B. Reconnaissance

C. Lateral movement

D. Weaponization

Which of the following are features of network share scanning of FortiSandbox? (Choose two.)

A. Move clean files to a separate network share.

B. Replace suspicious files with a replacement message.

C. Detect malicious URLs.

D. Detect network attacks.

FortiSandbox generates structured threat information exchange (STIX) packages for which of the following threats? (Choose two.)

A. Botnet connections

B. Malware

C. Intrusion attempts

D. Malicious URLs

What information does a scan job report include? (Choose two.)

A. Updates to the antivirus database

B. Summary of the file activity

C. Details about system files deleted of modified

D. Changes to the FortiSandbox configuration

Examine the CLI configuration, than answer the following question:

Which of the following statements is true regarding this FortiMail's inspection behavior?

A. Malicious URLs will be removed by antispam and replaced with a message.

B. Suspicious files not detected by antivirus will be inspected by FortiSandbox.

C. Known malicious URLs will be inspected by FortiSandbox.

D. Files are skipped by content profile will be inspected by FortiSandbox.

What advantage does sandboxing provide over traditional virus detection methods?

A. Heuristics detection that can detect new variants of existing viruses.

B. Pattern-based detection that can catch multiple variants of a virus.

C. Full code execution in an isolated and protected environment.

D. Code emulation as packets are handled in real-time.

Which of the following actions are performed by FortiSandbox at the static analysis stage?

A. All activity is monitored and recorded while the sample is executed in a virtual environment.

B. The sample's file type is determined and submitted into the appropriate scan job queue.

C. The sample behavior is analyzed and embedded objects are extracted for analysis.

D. Embedded attachments are scanned using the FortiGuard antivirus engine and the latest signature database.

Examine the scan job report shown in the exhibit, then answer the following question: Which of the following statements are true regarding this verdict? (Choose two.)

A. The file contained malicious JavaScipt.

B. The file contained a malicious macro.

C. The file was sandboxed in two-guest VMs.

D. The file was extracted using sniffer-mode inspection.

Examine the following topology shown in the exhibit, then answer the following question: Which of the following configuration tasks are applicable to secure Webserver from known threats? (Choose two.)

A. Apply an SSL inspection profile configured for protecting SSL server.

B. Apply an antivirus profile to the port1 -> port2 firewall policy.

C. Apply an SSL inspection profile configured for full SSL inspection.

D. Apply a web filter profile to the port1 -> port2 firewall policy.

Examine the FortiSandbox configuration on FortiMail shown in the exhibit, then answer the following question:

What does the Scan result expires in value specify?

A. How often the local scam results cache will expire on FortiMail.

B. How long FortiMail will wait to send a file or URI to FortiSandbox.

C. How long FortiMail will wait for a scan result from FortiSandbox.

D. How long FortiMail will query FortiSandbox for a scan result.