When creating new IOCs in IOC management, which of the following fields must be configured?
A. Hash, Description, Filename
B. Hash, Action and Expiry Date
C. Filename, Severity and Expiry Date
D. Hash, Platform and Action
Answer: D
Under the "Next-Gen Antivirus: Cloud Machine Learning" setting there are two categories, one of them is "Cloud Anti-Malware" and the other is:
A. Adware & PUP
B. Advanced Machine Learning
C. Sensor Anti-Malware
D. Execution Blocking
Answer: A
Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?
A. Program FilesMy ProgramMy Files*
B. Program FilesMy Program*
C. **
D. *Program FilesMy Program*
Answer: B
What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?
A. Falcon console updates are pending
B. Falcon sensors installing an update
C. Notifications have been disabled on that host sensor
D. Microsoft updates
Answer: D
How do you disable all detections for a host?
A. Create an exclusion rule and apply it to the machine or group of machines
B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your...
When a host is placed in Network Containment, which of the following is TRUE?
A. The host machine is unable to send or receive network traffic outside of the local network
B. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and traffic...
Where can you modify settings to permit certain traffic during a containment period?
A. Prevention Policy
B. Host Settings
C. Containment Policy
D. Firewall Settings
Answer: C
You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. Which of the following parameters can be used to override the 20 minute default provisioning window?
A. ExtendedWindow=1
B. Timeout=0
C. ProvNoWait=1
D. Timeout=30
Answer: A
What impact does disabling detections on a host have on an API?
A. Endpoints with detections disabled will not alert on anything until detections are enabled again
B. Endpoints cannot have their detections disabled individually
C. DetectionSummaryEvent stops sending to the Streaming API for that host
D. Endpoints with detections...
Why is the ability to disable detections helpful?
A. It gives users the ability to set up hosts to test detections and later remove them from the console
B. It gives users the ability to uninstall the sensor from a host
C. It gives users the ability to allowlist a...