NSE 5 – FortiEDR 5.0 — Question 29

Which two investigation issues requires a full memory dump of the FortiEDR collector? (Choose two.)

Answer options

• A. System hang issue
• B. Third-party application issues
• C. System crash issue
• D. Collector and core connectivity issue events

Correct answer: A, C

Explanation

A full memory dump is essential for analyzing system hang and crash issues because it captures the state of the system at the time of the problem, providing crucial information for troubleshooting. In contrast, third-party application issues and connectivity events may not require such an extensive data collection method, as they can often be resolved with less detailed information.