CCFA Practice Exam Questions and Answers 100% correct
8 views 0 purchase
Course
RHFAC
Institution
RHFAC
CCFA Practice Exam Questions and Answers 100% correct
How long are inactive sensors retained for in the Host Management Page and visible in the inactive sensors page?
45 Days
What happens when you undo a release from quarantine?
The Falcon sensor treats the file as malicious again. The ne...
CCFA Practice Exam Questions and
Answers 100% correct
How long are inactive sensors retained for in the Host Management Page and visible in
the inactive sensors page? - answer 45 Days
What happens when you undo a release from quarantine? - answer The Falcon
sensor treats the file as malicious again. The next time the file attempts to execute, the
sensor blocks and quarantines it again.
What is IOC Management used for? - answer To allowlist executables as a
compensating control for false positives or to reduce noise.
Where can you locate a list of MacOS hosts that are in Reduced Functionality Mode? -
answer RFM doesn't apply to MacOS hosts.
What is the max number of grouping tags that can be added per host? - answer 50
How many hosts can you assign to a static host group at a time? - answer 1000
Around what model are Fusion Workflows built? - answer Trigger, Condition, Action
What causes a Falcon sensor to go into Reduced Functionality Mode? - answer
When the agent is not compatible with the current version of the kernel running on the
operating system.
What is the Prevention Policy Debug report used for? - answer To debug issues with
prevention policies not being set
How do you change your own password in the Falcon console if you're not using Single
Sign-on? - answer After logging in, go to the User Profile settings and click the
Change Password link. Then supply your current and new passwords.
What kind of information may be found in the Falcon UI Audit trail? - answer Details
about user and API activity in the Falcon console
What are the available methods for uninstalling a Falcon sensor on a Windows OS? -
answer Use the Windows Control Panel
What is a required field when creating users? - answer User Email
, Quarantined file records are found where? - answer Endpoint security > Monitor >
Quarantined Files
Which of the following are options in the NextGenAV detection and prevention settings
On-Sensor ML Sliders? - answer Disabled, Cautious, Moderate, Aggressive and
Extra Aggressive
In order to quarantine files on an endpoint, what prevention policy setting must be in
place? - answer Next-Gen Antivirus Prevention sliders and "Quarantine & Security
Center Registration" must be enabled
What is the max number of Falcon Grouping tags that can be added per CID? - answer
1000
When uninstalling or removing a sensor, which of the following is required if the
"Uninstall and maintenance protection" setting is enabled within the Sensor Update
Policies? - answer Maintenance token
What is the correct purpose of a sensor visibility exclusion? - answer To remediate
issues where the Falcon sensor may cause a performance or application compatibility
interaction by configuring the sensor to completely ignore a target path or process
What is the function of a single asterisk (*) in a ML Exclusion or Sensor Visibility
Exclusion? - answer The single asterisk will match any number of characters,
including none. It does not include seperator characters, such as \ or / which seperate.
The Falcon sensor required what network protocol to communicate with the CS Cloud?
- answer TLS1.2
You have recently noticed that one of the sensors on an endpoint is marked as inactive
within the Falcon platform. What could be a possible reason for this? - answer The
sensor is not communicating with the Falcon cloud.
What is the ML Prevention Monitoring Report used for? - answer To view malware
that would have been blocked in your environment over a timeframe based on different
Machine Learning Prevention settings.
Where do you set up automated detection emails? - answer You go to support and
resources > Resources and tools > General settings and manage the list for detection
and incident emails.
What commands can a 'Real-Time Responder - Active Responder' run? - answer All
of the commands, except for cswindiag, falconscript, put, put-and-run, run
What is the limit for individual IP addresses and ranges that a firewall rule can contain?
- answer 1000
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Pogba119. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.