What is the best way to update the workflow?
You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message. What is the best way to update the workflow?
A. Clone the workflow and replace the...
Where should you first check for potential failures?
An analyst has reported they are not receiving workflow triggered notifications in the past few days. Where should you first check for potential failures?
A. Custom Alert History
B. Workflow Execution log
C. Workflow Audit log
D. Falcon UI Audit Trail
Answer: B
Which statement is TRUE concerning Falcon sensor certificate validation?
The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?
A. SSL inspection should be configured to occur on all Falcon traffic
B. Some network configurations, such as deep packet inspection, interfere with certificate validation
C. HTTPS interception should be...
Which other operating system(s) will this policy manage?
You have created a Sensor Update Policy for the Mac platform. Which other operating system(s) will this policy manage?
A. *nix
B. Windows
C. Both Windows and *nix
D. Only Mac
Answer: D
Explanation: Reference: https://www.crowdstrike.com/blog/tech-center/how-to-manage-policies-in-falcon/
What is the purpose of precedence with respect to the Sensor Update policy?
What is the purpose of precedence with respect to the Sensor Update policy?
A. Precedence applies to the Prevention policy and not to the Sensor Update policy
B. Hosts assigned to multiple policies will assume the highest ranked policy in the list (policy with the lowest number)
C. Hosts assigned...