CCFA
Question 26
How can an API client secret be viewed after it has been created?
- A: Selecting "show secret" within the 3-dot dropdown menu will reveal the secret for the selected API client
- B: Within the API management page, API client secrets can be accessed within the "edit client" functionality
- C: The API client secret must be reset or a new client created as the secret cannot be viewed after it has been created
- D: The API client secret can be provided by support via direct email request from a Falcon Administrator
Question 27
Which of the following is NOT an available action for an API Client?
- A: Reset an API Client Secret
- B: Retrieve an API Client Secret
- C: Edit an API Client
- D: Delete an API Client
Question 28
The Falcon Administrator has created a new prevention policy to apply to the "Servers" group; however, when applying the new prevention policy this group is not appearing in the list of available groups. What is the most likely issue?
- A: The "Servers" group already has a policy applied to it
- B: The "Servers" group must be disabled first
- C: The new prevention policy should be enabled first
- D: Host type was not defined correctly within the prevention policy
Question 29
What critical prevention policy setting prevents sensor-related files, folders, and registry objects from being renamed or deleted?
- A: Sensor Modification Protection
- B: System Configuration Protection
- C: Sensor Tampering Protection
- D: Host Modification Protection
Question 30
When editing an existing IOA exclusion, what can NOT be edited?
- A: The exclusion name
- B: All parts of the exclusion can be changed
- C: The IOA name
- D: The host groups
Question 31
After enabling an IOA rule and its respective rule group, what else must be done for an IOA to be fully functional?
- A: Nothing else needs to be done; the rule should start working
- B: The rule group must be assigned to one or more prevention policies
- C: The rule needs to be manually triggered to ensure it works as intended
- D: You must individually select which hosts you would like to apply the rule to
Question 32
Which of the following uses Regex to create a detection or take a preventative action?
- A: Machine Learning Exclusion
- B: Custom IOA
- C: Custom IOC
- D: Sensor Visibility Exclusion
Question 33
When creating a custom IOA for a specific domain, which syntax would be best for detecting or preventing on all subdomains as well?
- A: .*\.baddomain\.xyz|baddomain\.xyz
- B: **baddomain\.xyz|baddomain\.xyz**
- C: .*baddomain\.xyz|baddomain\.xyz.*
- D: Custom IOA rules cannot be created for domains
Question 34
Which Real Time Response role will allow you to see all analyst session details?
- A: None of the Real Time Response roles allows this
- B: Real Time Response - Active Responder
- C: Real Time Response - Read-Only Analyst
- D: Real Time Response - Administrator
Question 35
Which role is required to manage groups and policies in Falcon?
- A: Falcon Host Analyst
- B: Falcon Host Administrator
- C: Prevention Hashes Manager
- D: Falcon Host Security Lead
Question 36
How do user permissions function in Falcon?
- A: Custom user role permission sets are shared with all CrowdStrike customers globally
- B: Each Falcon permission needs to be selected when the user account is created
- C: User permissions grow more restrictive; the more roles assigned to a user, the fewer capabilities they would potentially have
- D: User permissions are cumulative; the more roles assigned to a user, the more capabilities they would potentially have
Question 37
If you are not able to update your Falcon sensors on a regular basis, what is the maximum recommended aging period before updating your sensors?
- A: 7 days
- B: 60 days
- C: 90 days
- D: There is no maximum aging period
Question 38
What is the purpose of the "Auto - Latest" setting in a sensor update policy?
- A: This setting overrides any user confirmation/interaction and applies the selected policy
- B: This setting automatically assigns the latest Indicator of Attack (IOA) profiles and Next-Gen Antivirus (NGAV) machine learning to the selected endpoints ensuring the highest level of security
- C: This setting automatically assigns new hosts that come online to this policy
- D: This setting will cause all assigned hosts to be updated to the most current version as soon as it becomes available
Question 39
Which of the following steps are required to delete a sensor update policy?
- A: Remove the policy from all assigned host groups, disable the policy, then click Delete from the policy's settings
- B: From the policy's settings, disable all toggles first, then click Delete
- C: Remove the policy from all assigned host groups, then click Delete from the policy's settings
- D: From the policy's settings, disable the policy, then click Delete
Question 40
What best describes the relationship between Sensor Update policies and Operating Systems?
- A: Sensor Update policies are not Operating System specific. One policy can be applied to all Operating Systems
- B: A Sensor Update policy must be configured for each Operating System (Windows, Mac, Linux)
- C: Windows and Mac share Sensor Update policies. Linux requires its own set of policies based on the different kernel versions
- D: Windows has its own Sensor Update policies. But Mac and Linux share Sensor Update policies
Question 41
Which of the following pages provides a count of sensors in Reduced Functionality Mode (RFM) by Operating System?
- A: Sensor Health
- B: Support and resources
- C: Activity Overview
- D: Hosts Overview
Question 42
What best describes what happens to detections in the console after clicking "Disable Detections" for a host from within the Host Management page?
- A: Preventions will be disabled for the host
- B: You cannot disable detections for a host
- C: The detections for the host are removed from the console immediately and no new detections will display in the console going forward
- D: Existing detections for the host remain, but no new detections will display in the console going forward
Question 43
An inactive host that does not contact the Falcon cloud will be automatically removed from the Host Management and Trash pages after how many days?
- A: 75 Days
- B: 45 Days
- C: 60 Days
- D: 90 Days
Question 44
Which statement is TRUE regarding disabling detections on a host?
- A: Hosts with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed
- B: Hosts with detections disabled will not alert on anything until detections are enabled again
- C: Hosts with detections disabled will not alert on blocklisted hashes or machine learning detections, but will still alert on IOA-based detections. It will remain that way until detections are enabled again
- D: Hosts cannot have their detections disabled individually
Question 45
Which of the following can a Falcon Administrator edit in an existing user's profile?
- A: First or Last name
- B: Phone number
- C: Email address
- D: Working groups
Question 46
How many days will an inactive host remain visible within the Host Management or Trash pages?
- A: 90 days
- B: 120 days
- C: 15 days
- D: 45 days
Question 47
Which of the following is TRUE regarding disabling detections for a host?
- A: The DetectionSummaryEvent continues being sent to the Streaming API for that host
- B: After disabling detections, the host will operate in Reduced Functionality Mode (RFM) until detections are enabled
- C: The detections for that host are removed from the console immediately. No new detections will display in the console going forward unless detections are enabled
- D: After disabling detections, the data for all existing detections prior to disabling detections is removed from the Event Search