Create Next App

Exam contains 175 questions

Page 2 of 30

Question 7 🔥

When creating new IOCs in IOC management, which of the following fields must be configured?

Which database solution meets these requirements?

A. Hash, Description, Filename

Highly voted

B. Hash, Action and Expiry Date

Highly voted

C. Filename, Severity and Expiry Date

Highly voted

D. Hash, Platform and Action

Highly voted

Discussion of the question

Question 8 🔥

Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fullfil this requirement?

Which database solution meets these requirements?

A. Remediation Manager

Highly voted

B. Real Time Responder – Read Only Analyst

Highly voted

C. Falcon Analyst – Read Only

Highly voted

D. Real Time Responder – Active Responder

Highly voted

Discussion of the question

Question 9 🔥

One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?

Which database solution meets these requirements?

A. USB Device Policy

Highly voted

B. Firewall Rule Group

Highly voted

C. Containment Policy

Highly voted

D. Machine Learning Exclusions

Highly voted

Discussion of the question

Question 10 🔥

How do you disable all detections for a host?

Which database solution meets these requirements?

A. Create an exclusion rule and apply it to the machine or group of machines

Highly voted

B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)

Highly voted

C. You cannot disable all detections on individual hosts as it would put them at risk

Highly voted

D. In Host Management, select the host and then choose the option to Disable Detections

Highly voted

Discussion of the question

Question 11 🔥

To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

Which database solution meets these requirements?

A. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead

Highly voted

B. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only

Highly voted

C. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

Highly voted

D. Using IOC management, import the list of hashes and IP addresses and set the action to No Action

Highly voted

Discussion of the question

Question 12 🔥

What is the function of a single asterisk (*) in an ML exclusion pattern?

Which database solution meets these requirements?

A. The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path

Highly voted

B. The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path

Highly voted

C. The single asterisk is the insertion point for the variable list that follows the path

Highly voted

D. The single asterisk is only used to start an expression, and it represents the drive letter

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

crowdstrike CCFA

Exam contains 175 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us