What is the maximum number of patterns that can be added when creating a new exclusion?
What is the maximum number of patterns that can be added when creating a new exclusion?A . 10 B. 0 C. 1 D. 5View AnswerAnswer: C
What is the next step to disable RTR only on these hosts?
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?A . Edit the Default Response Policy,...
What is the purpose of precedence with respect to the Sensor Update policy?
What is the purpose of precedence with respect to the Sensor Update policy?A . Precedence applies to the Prevention policy and not to the Sensor Update policy B. Hosts assigned to multiple policies will assume the highest ranked policy in the list (policy with the lowest number) C. Hosts assigned...
What command should be run to verify if a Windows sensor is running?
What command should be run to verify if a Windows sensor is running?A . regedit myfile.reg B. sc query csagent C. netstat -f D. ps -ef | grep falconView AnswerAnswer: B
Which other operating system(s) will this policy manage?
You have created a Sensor Update Policy for the Mac platform. Which other operating system(s) will this policy manage?A . *nix B. Windows C. Both Windows and *nix D. Only MacView AnswerAnswer: D Explanation: Reference: https://www.crowdstrike.com/blog/tech-center/how-to-manage-policies-in-falcon/
Where should you first check for potential failures?
An analyst has reported they are not receiving workflow triggered notifications in the past few days. Where should you first check for potential failures?A . Custom Alert History B. Workflow Execution log C. Workflow Audit log D. Falcon UI Audit TrailView AnswerAnswer: B
What is the most appropriate role that can be added to fullfil this requirement?
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fullfil this requirement?A . Remediation Manager B....
What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?
What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?A . To group hosts with others in the same business unit B. To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time C....
In order to quarantine files on the host, what prevention policy settings must be enabled?
In order to quarantine files on the host, what prevention policy settings must be enabled?A . Malware Protection and Custom Execution Blocking must be enabled B. Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled C. Malware Protection and Windows Anti-Malware Execution Blocking must be enabled...
Which of the following is TRUE of the Logon Activities Report?
Which of the following is TRUE of the Logon Activities Report?A . Shows a graphical view of user logon activity and the hosts the user connected to B. The report can be filtered by computer name C. It gives a detailed list of all logon activity for users D. It...