NSE7_ATP-2.5 exam

At which stage of the kill chain will an attacker use tools, such as nmap, ARIN, and banner grabbing, on the targeted organization’s network?A . ExploitationB . ReconnaissanceC . Lateral movementD . WeaponizationView AnswerAnswer: B

Which of the following are features of network share scanning of FortiSandbox? (Choose two.)A . Move clean files to a separate network share.B . Replace suspicious files with a replacement message.C . Detect malicious URLs.D . Detect network attacks.View AnswerAnswer: AC Explanation: Reference: https://help.fortinet.com/fsandbox/olh/2-5-1/Document/900_Scan%20Input/900_Network%20Share/100_Network%20Share.htm

Which of the advanced threat protection solutions should you use to protect against an attacker may take during the lateral movement stage of the kill chain? (Choose two.)A . FortiClient and FortiSandboxB . FortiMail and FortiSandboxC . FortiGate and FortiSandboxD . FortiWeb and FortiSandboxView AnswerAnswer: BD

When using FortiSandbox in sniffer-mode, you should configure FortiSandbox to inspect both inbound and outbound traffic. What type of threats can FortiSandbox detect on inbound traffic? (Choose two.)A . Botnet connectionsB . MalwareC . Malicious URLsD . Intrusion attemptsView AnswerAnswer: AC

Which of the kill chain stages does Fortinet’s advanced threat protection solution block? (Choose three.)A . Command and controlB . DeliveryC . ReconnaissanceD . Lateral movementE . WeaponizationView AnswerAnswer: ACD

Examine the FortiGate antivirus logs shown in the exhibit, than answer the following question: Based on the logs shown, which of the following statements is correct? (Choose two.)A . The fsa_dropper.exe file was blocked using a local black list entry.B . The fsa_sample_1.exe file was not sent to FortiSandbox.C ....

Examine the Suspicious Indicators section of the scan job shown in the exhibit, then answer the following question: Which FortiSandbox component identified the vulnerability exploits?A . VM scanB . Antivirus scanC . Static analysisD . Cache checkView AnswerAnswer: C

Examine the FortiSandbox Scan Profile configuration shown in the exhibit, and then answer the following question: Based on the configuration, which of the following statements are true? (Choose two.)A . PDF files will be inspected in the WIN7X86VM)16 VC . URLs submitted using JSON API will not be inspected.D ....

Which samples can FortiClient submit to FortiSandbox for analysis? (Choose two.)A . Downloads from emailsB . URLs from web requestsC . Command and control trafficD . Files from removable storageView AnswerAnswer: AD Explanation: FortiClient supports integration with FortiSandbox, including on-premise FortiSandbox appliances and FortiSandbox Cloud. When configured, FortiSandbox automatically scans...

Which advanced threat protection integration solution should you use to protect against out-of-band attack vectors, such as USB drives, used during the delivery stage of the kill chain?A . FortiGate and FortiSandboxB . FortiMail and FortiSandboxC . FortiWeb and FortiSandboxD . FortiClient and FortiSandboxView AnswerAnswer: B Explanation: Reference: https://www.infosecpartners.com/fortimail-fortisandbox-perfect-partners/