Once an exclusion is saved, what can be edited in the future?
A. All parts of the exclusion can be changed
B. Only the selected groups and hosts to which the exclusion is applied can be changed
C. Only the options to "Detect/Block" and/or "File Extraction" can be changed
D....
What is the most appropriate role that can be added to fulfill this requirement?
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fulfill this requirement?
A. Remediation Manager
B....
What impact does disabling detections on a host have on an API?
A. Endpoints with detections disabled will not alert on anything until detections are enabled again
B. Endpoints cannot have their detections disabled individually
C. DetectionSummaryEvent stops sending to the Streaming API for that host
D. Endpoints with detections...
How are user permissions set in Falcon?
A. Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions
B. Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a...
When a host is placed in Network Containment, which of the following is TRUE?
A. The host machine is unable to send or receive network traffic outside of the local network
B. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and traffic...
Which option allows you to exclude behavioral detections from the detections page?
A. Machine Learning Exclusion
B. IOA Exclusion
C. IOC Exclusion
D. Sensor Visibility Exclusion
Answer: B
What is the purpose of precedence with respect to the Sensor Update policy?
A. Precedence applies to the Prevention policy and not to the Sensor Update policy
B. Hosts assigned to multiple policies will assume the highest ranked policy in the list (policy with the lowest number)
C. Hosts assigned...
What command should be run to verify if a Windows sensor is running?
A. regedit myfile.reg
B. sc query csagent
C. netstat -f
D. ps -ef | grep falcon
Answer: B
Why is the ability to disable detections helpful?
A. It gives users the ability to set up hosts to test detections and later remove them from the console
B. It gives users the ability to uninstall the sensor from a host
C. It gives users the ability to allowlist a...
Which role will allow someone to manage quarantine files?
A. Falcon Security Lead
B. Detections Exceptions Manager
C. Falcon Analyst - Read Only
D. Endpoint Manager
Answer: A