CCFA Practice Exam Questions and Answers 100% correct
8 keer bekeken 0 aankoop
Vak
RHFAC
Instelling
RHFAC
CCFA Practice Exam Questions and Answers 100% correct
How long are inactive sensors retained for in the Host Management Page and visible in the inactive sensors page?
45 Days
What happens when you undo a release from quarantine?
The Falcon sensor treats the file as malicious again. The ne...
CCFA Practice Exam Questions and
Answers 100% correct
How long are inactive sensors retained for in the Host Management Page and visible in
the inactive sensors page? - answer 45 Days
What happens when you undo a release from quarantine? - answer The Falcon
sensor treats the file as malicious again. The next time the file attempts to execute, the
sensor blocks and quarantines it again.
What is IOC Management used for? - answer To allowlist executables as a
compensating control for false positives or to reduce noise.
Where can you locate a list of MacOS hosts that are in Reduced Functionality Mode? -
answer RFM doesn't apply to MacOS hosts.
What is the max number of grouping tags that can be added per host? - answer 50
How many hosts can you assign to a static host group at a time? - answer 1000
Around what model are Fusion Workflows built? - answer Trigger, Condition, Action
What causes a Falcon sensor to go into Reduced Functionality Mode? - answer
When the agent is not compatible with the current version of the kernel running on the
operating system.
What is the Prevention Policy Debug report used for? - answer To debug issues with
prevention policies not being set
How do you change your own password in the Falcon console if you're not using Single
Sign-on? - answer After logging in, go to the User Profile settings and click the
Change Password link. Then supply your current and new passwords.
What kind of information may be found in the Falcon UI Audit trail? - answer Details
about user and API activity in the Falcon console
What are the available methods for uninstalling a Falcon sensor on a Windows OS? -
answer Use the Windows Control Panel
What is a required field when creating users? - answer User Email
, Quarantined file records are found where? - answer Endpoint security > Monitor >
Quarantined Files
Which of the following are options in the NextGenAV detection and prevention settings
On-Sensor ML Sliders? - answer Disabled, Cautious, Moderate, Aggressive and
Extra Aggressive
In order to quarantine files on an endpoint, what prevention policy setting must be in
place? - answer Next-Gen Antivirus Prevention sliders and "Quarantine & Security
Center Registration" must be enabled
What is the max number of Falcon Grouping tags that can be added per CID? - answer
1000
When uninstalling or removing a sensor, which of the following is required if the
"Uninstall and maintenance protection" setting is enabled within the Sensor Update
Policies? - answer Maintenance token
What is the correct purpose of a sensor visibility exclusion? - answer To remediate
issues where the Falcon sensor may cause a performance or application compatibility
interaction by configuring the sensor to completely ignore a target path or process
What is the function of a single asterisk (*) in a ML Exclusion or Sensor Visibility
Exclusion? - answer The single asterisk will match any number of characters,
including none. It does not include seperator characters, such as \ or / which seperate.
The Falcon sensor required what network protocol to communicate with the CS Cloud?
- answer TLS1.2
You have recently noticed that one of the sensors on an endpoint is marked as inactive
within the Falcon platform. What could be a possible reason for this? - answer The
sensor is not communicating with the Falcon cloud.
What is the ML Prevention Monitoring Report used for? - answer To view malware
that would have been blocked in your environment over a timeframe based on different
Machine Learning Prevention settings.
Where do you set up automated detection emails? - answer You go to support and
resources > Resources and tools > General settings and manage the list for detection
and incident emails.
What commands can a 'Real-Time Responder - Active Responder' run? - answer All
of the commands, except for cswindiag, falconscript, put, put-and-run, run
What is the limit for individual IP addresses and ranges that a firewall rule can contain?
- answer 1000
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper Pogba119. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor $11.49. Je zit daarna nergens aan vast.
