Which of the following is TRUE of the Logon Activities Report?
Which of the following is TRUE of the Logon Activities Report?
A. Shows a graphical view of user logon activity and the hosts the user connected to
B. The report can be filtered by computer name
C. It gives a detailed list of all logon activity for users
D. It...
Which of the following parameters can be used to override the 20 minute default provisioning window?
You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. Which of the following parameters can be used to override the 20 minute default provisioning window?
A. ExtendedWindow=1
B. Timeout=0
C. ProvNoWait=1
D. Timeout=30
Answer: D
What is the best way to prevent these in the future?
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in...
What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?
What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?
A. Falcon console updates are pending
B. Falcon sensors installing an update
C. Notifications have been disabled on that host sensor
D. Microsoft updates
Answer: C
How do you disable all detections for a host?
How do you disable all detections for a host?
A. Create an exclusion rule and apply it to the machine or group of machines
B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your...
What command should be run to verify if a Windows sensor is running?
What command should be run to verify if a Windows sensor is running?
A. regedit myfile.reg
B. sc query csagent
C. netstat -f
D. ps -ef | grep falcon
Answer: B
When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?
When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?
A. Maintenance token
B. Customer ID (CID)
C. Bulk update key
D. Agent ID (AID)
Answer: A
What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?
What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?
A. To group hosts with others in the same business unit
B. To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time
C....
What is the next step to disable RTR only on these hosts?
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?
A. Edit the Default Response Policy,...
Under the "Next-Gen Antivirus: Cloud Machine Learning" setting there are two categories, one of them is "Cloud Anti-Malware" and the other is:
Under the "Next-Gen Antivirus: Cloud Machine Learning" setting there are two categories, one of them is "Cloud Anti-Malware" and the other is:
A. Adware & PUP
B. Advanced Machine Learning
C. Sensor Anti-Malware
D. Execution Blocking
Answer: B