Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?
A. TCP port 22 (SSH)
B. TCP port 443 (HTTPS)
C. TCP port 80 (HTTP)
D. TCP UDP port 53 (DNS)
Answer: B
How do you disable all detections for a host?
A. Create an exclusion rule and apply it to the machine or group of machines
B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your...
What is the best way to update the workflow?
You have an existing workflow that is triggered on a critical detection and sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message. What is the best way to update the workflow?
A. Clone the workflow and replace the...
An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?
A. File exclusions are not aligned to groups or hosts
B. There is a limit of three groups of hosts applied to any exclusion
C. There is no limit and exclusions can be...
What is the most appropriate role that can be added to fulfill this requirement?
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fulfill this requirement?
A. Remediation Manager
B. ...
On a Windows host, what is the best command to determine if the sensor is currently running?
A. sc query csagent
B. netstat -a
C. This cannot be accomplished with a command
D. ping falcon.crowdstrike.com
Answer: A
Which is a filter within the Host setup and management > Host management page?
A. User name
B. OU
C. BIOS Version
D. Locality
Answer: B
Which role do you need added to your user account to have this capability?
Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?
A. Real Time Responder
B. Endpoint...
Why is it critical to have separate sensor update policies for Windows/Mac/*nix?
A. There may be special considerations for each OS
B. To assist with testing and tracking sensor rollouts
C. The network protocols are different for each host OS
D. It is an auditing requirement
Answer: A
In order to quarantine files on the host, what prevention policy settings must be enabled?
A. Malware Protection and Custom Execution Blocking must be enabled
B. Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled
C. Malware Protection and Windows Anti-Malware Execution Blocking must be enabled
D...