NSE 5 – FortiEDR 5.0 — Question 26
What is the benefit of using file hash along with the file name in a threat hunting repository search?
Answer options
- A. It helps to check the malware even if the malware variant uses a different file name.
- B. It helps to make sure the hash is really a malware.
- C. It helps to find if some instances of the hash are actually associated with a different file.
- D. It helps locate a file as threat hunting only allows hash search.
Correct answer: A
Explanation
The correct answer is A: a file hash identifies the malware regardless of any file name changes that may occur. Option B is incorrect because the hash alone does not confirm the nature of the file; it simply provides a unique identifier. Option C is misleading since the hash is meant to identify the specific file, not associate it with others. Option D is false because threat hunting can also use file names in searches, not just hashes.