NSE 5 – FortiEDR 5.0 — Question 33

The FortiEDR core classified an event as inconclusive, but a few seconds later FCS revised the classification to malicious.
What playbook actions are applied to the event?

Answer options

• A. Playbook actions applied to suspicious events
• B. Playbook actions applied to inconclusive events
• C. Playbook actions applied to handled events
• D. Playbook actions applied to malicious events

Correct answer: D

Explanation

The correct answer is D because when an event is reclassified as malicious, the playbook actions designated for malicious events are triggered to address the threat. Options A, B, and C refer to different classifications that do not apply once the event has been confirmed as malicious.