Why is the ability to disable detections helpful?
A. It gives users the ability to set up hosts to test detections and later remove them from the console
B. It gives users the ability to uninstall the sensor from a host
C. It gives users the ability to allowlist a...
What command should be run to verify if a Windows sensor is running?
A. regedit myfile.reg
B. sc query csagent
C. netstat -f
D. ps -ef | grep falcon
Answer: B
What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?
A. Falcon console updates are pending
B. Falcon sensors installing an update
C. Notifications have been disabled on that host sensor
D. Microsoft updates
Answer: D
Which of the following applies to Custom Blocking Prevention Policy settings?
A. Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
B. Blocklisting applies to hashes, IP addresses, and domains
C. Executions blocked via hash blocklist may have partially executed prior to...
What setting can you use to reduce false positives on this file path?
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false...
Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?
A. TCP port 22 (SSH)
B. TCP port 443 (HTTPS)
C. TCP port 80 (HTTP)
D. TCP UDP port 53 (DNS)
Answer: B
Which option allows you to exclude behavioral detections from the detections page?
A. Machine Learning Exclusion
B. IOA Exclusion
C. IOC Exclusion
D. Sensor Visibility Exclusion
Answer: B
How do you assign a Prevention policy to one or more hosts?
A. Create a new policy and assign it directly to those hosts on the Host Management page
B. Modify the users roles on the User Management page
C. Ensure the hosts are in a group and assign that...
Which of the following parameters can be used to override the 20 minute default provisioning window?
You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. Which of the following parameters can be used to override the 20 minute default provisioning window?
A. ExtendedWindow=1
B. Timeout=0
C. ProvNoWait=1
D. Timeout=30
Answer: C
What type of information is found in the Linux Sensors Dashboard?
A. Hosts by Kernel Version, Shells spawned by Root, Wget/Curl Usage
B. Hidden File execution, Execution of file from the trash, Versions Running with ComputerNames
C. Versions running, Directory Made Invisible to Spotlight, Logging/Auditing Referenced, Viewed, or Modified
D. ...