{"id":95829,"date":"2025-01-07T03:10:06","date_gmt":"2025-01-07T03:10:06","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=95829"},"modified":"2025-01-07T03:10:06","modified_gmt":"2025-01-07T03:10:06","slug":"updated-crowdstrike-ccfa-200-dumps-v12-03-explore-the-latest-ccfa-200-exam-questions-get-remarkable-scores-in-the-crowdstrike-certified-falcon-administrator-ccfa-exam","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/updated-crowdstrike-ccfa-200-dumps-v12-03-explore-the-latest-ccfa-200-exam-questions-get-remarkable-scores-in-the-crowdstrike-certified-falcon-administrator-ccfa-exam.html","title":{"rendered":"Updated CrowdStrike CCFA-200 Dumps (V12.03) &#8211; Explore the Latest CCFA-200 Exam Questions &#038; Get Remarkable Scores in the CrowdStrike Certified Falcon Administrator (CCFA) Exam"},"content":{"rendered":"<p>Efficiently prepare for your CrowdStrike Certified Falcon Administrator (CCFA) certification exam and overcome various challenges by using the most updated CCFA-200 dumps. DumpsBase\u2019s CCFA-200 dumps (V12.03) come with 152 practice exam questions and answers, helping you explore the latest CCFA-200 exam questions and get remarkable scores in the actual exam. Thoroughly practice all the CCFA-200 exam questions and answers with the updated CrowdStrike CCFA-200 dumps (V12.03) and become familiar with the exam questions, which closely resemble the actual CrowdStrike Certified Falcon Administrator (CCFA) questions. All the questions and answers can be read in PDF format for convenient studying anywhere. Plus, we have free software to help you simulate all the questions like attending the actual exam. Choose <a href=\"https:\/\/www.dumpsbase.com\/\"><em><strong>DumpsBase<\/strong><\/em><\/a> today. We offer a generous discount on the CCFA-200 dumps, along with 365 days of free updates on the CCFA-200 exam questions and answers. Practice diligently with the CCFA-200 dumps (V12.03) and aim for the highest score on your first attempt.<\/p>\n<h2>CrowdStrike Certified Falcon Administrator (CCFA) Certification Exam <em><span style=\"background-color: #00ffff;\">CCFA-200 Free Dumps<\/span><\/em><\/h2>\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam8063\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-8063\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-8063\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-304029'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>An analyst has reported they are not receiving workflow triggered notifications in the past few days. <br \/>\r<br>Where should you first check for potential failures?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='304029' \/><input type='hidden' id='answerType304029' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304029[]' id='answer-id-1191182' class='answer   answerof-304029 ' value='1191182'   \/><label for='answer-id-1191182' id='answer-label-1191182' class=' answer'><span>Custom Alert History<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304029[]' id='answer-id-1191183' class='answer   answerof-304029 ' value='1191183'   \/><label for='answer-id-1191183' id='answer-label-1191183' class=' answer'><span>Workflow Execution log<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304029[]' id='answer-id-1191184' class='answer   answerof-304029 ' value='1191184'   \/><label for='answer-id-1191184' id='answer-label-1191184' class=' answer'><span>Workflow Audit log<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304029[]' id='answer-id-1191185' class='answer   answerof-304029 ' value='1191185'   \/><label for='answer-id-1191185' id='answer-label-1191185' class=' answer'><span>Falcon UI Audit Trail<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-304030'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>How are user permissions set in Falcon?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='304030' \/><input type='hidden' id='answerType304030' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304030[]' id='answer-id-1191186' class='answer   answerof-304030 ' value='1191186'   \/><label for='answer-id-1191186' id='answer-label-1191186' class=' answer'><span>Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304030[]' id='answer-id-1191187' class='answer   answerof-304030 ' value='1191187'   \/><label for='answer-id-1191187' id='answer-label-1191187' class=' answer'><span>Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304030[]' id='answer-id-1191188' class='answer   answerof-304030 ' value='1191188'   \/><label for='answer-id-1191188' id='answer-label-1191188' class=' answer'><span>An administrator selects individual granular permissions from the Falcon Permissions List during user creation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304030[]' id='answer-id-1191189' class='answer   answerof-304030 ' value='1191189'   \/><label for='answer-id-1191189' id='answer-label-1191189' class=' answer'><span>Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-304031'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>When creating new IOCs in IOC management, which of the following fields must be configured?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='304031' \/><input type='hidden' id='answerType304031' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304031[]' id='answer-id-1191190' class='answer   answerof-304031 ' value='1191190'   \/><label for='answer-id-1191190' id='answer-label-1191190' class=' answer'><span>Hash, Description, Filename<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304031[]' id='answer-id-1191191' class='answer   answerof-304031 ' value='1191191'   \/><label for='answer-id-1191191' id='answer-label-1191191' class=' answer'><span>Hash, Action and Expiry Date<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304031[]' id='answer-id-1191192' class='answer   answerof-304031 ' value='1191192'   \/><label for='answer-id-1191192' id='answer-label-1191192' class=' answer'><span>Filename, Severity and Expiry Date<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304031[]' id='answer-id-1191193' class='answer   answerof-304031 ' value='1191193'   \/><label for='answer-id-1191193' id='answer-label-1191193' class=' answer'><span>Hash, Platform and Action<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-304032'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. <br \/>\r<br>What is the next step to disable RTR only on these hosts?<\/div><input type='hidden' name='question_id[]' id='qID_4' value='304032' \/><input type='hidden' id='answerType304032' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304032[]' id='answer-id-1191194' class='answer   answerof-304032 ' value='1191194'   \/><label for='answer-id-1191194' id='answer-label-1191194' class=' answer'><span>Edit the Default Response Policy, toggle the &quot;Real Time Response&quot; switch off and assign the policy to the host group<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304032[]' id='answer-id-1191195' class='answer   answerof-304032 ' value='1191195'   \/><label for='answer-id-1191195' id='answer-label-1191195' class=' answer'><span>Edit the Default Response Policy and add the host group to the exceptions list under &quot;Real Time Functionality&quot;<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304032[]' id='answer-id-1191196' class='answer   answerof-304032 ' value='1191196'   \/><label for='answer-id-1191196' id='answer-label-1191196' class=' answer'><span>Create a new Response Policy, toggle the &quot;Real Time Response&quot; switch off and assign the policy to the host group<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304032[]' id='answer-id-1191197' class='answer   answerof-304032 ' value='1191197'   \/><label for='answer-id-1191197' id='answer-label-1191197' class=' answer'><span>Create a new Response Policy and add the host name to the exceptions list under &quot;Real Time Functionality&quot;<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-304033'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>Which exclusion pattern will prevent detections on a file at C:Program FilesMy ProgramMy Filesprogram.exe?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='304033' \/><input type='hidden' id='answerType304033' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304033[]' id='answer-id-1191198' class='answer   answerof-304033 ' value='1191198'   \/><label for='answer-id-1191198' id='answer-label-1191198' class=' answer'><span>Program FilesMy ProgramMy Files*<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304033[]' id='answer-id-1191199' class='answer   answerof-304033 ' value='1191199'   \/><label for='answer-id-1191199' id='answer-label-1191199' class=' answer'><span>Program FilesMy Program*<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304033[]' id='answer-id-1191200' class='answer   answerof-304033 ' value='1191200'   \/><label for='answer-id-1191200' id='answer-label-1191200' class=' answer'><span>**<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304033[]' id='answer-id-1191201' class='answer   answerof-304033 ' value='1191201'   \/><label for='answer-id-1191201' id='answer-label-1191201' class=' answer'><span>*Program FilesMy Program*<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-304034'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>Once an exclusion is saved, what can be edited in the future?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='304034' \/><input type='hidden' id='answerType304034' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304034[]' id='answer-id-1191202' class='answer   answerof-304034 ' value='1191202'   \/><label for='answer-id-1191202' id='answer-label-1191202' class=' answer'><span>All parts of the exclusion can be changed<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304034[]' id='answer-id-1191203' class='answer   answerof-304034 ' value='1191203'   \/><label for='answer-id-1191203' id='answer-label-1191203' class=' answer'><span>Only the selected groups and hosts to which the exclusion is applied can be changed<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304034[]' id='answer-id-1191204' class='answer   answerof-304034 ' value='1191204'   \/><label for='answer-id-1191204' id='answer-label-1191204' class=' answer'><span>Only the options to &quot;Detect\/Block&quot; and\/or &quot;File Extraction&quot; can be changed<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304034[]' id='answer-id-1191205' class='answer   answerof-304034 ' value='1191205'   \/><label for='answer-id-1191205' id='answer-label-1191205' class=' answer'><span>The exclusion pattern cannot be changed<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-304035'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>Why is the ability to disable detections helpful?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='304035' \/><input type='hidden' id='answerType304035' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304035[]' id='answer-id-1191206' class='answer   answerof-304035 ' value='1191206'   \/><label for='answer-id-1191206' id='answer-label-1191206' class=' answer'><span>It gives users the ability to set up hosts to test detections and later remove them from the console<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304035[]' id='answer-id-1191207' class='answer   answerof-304035 ' value='1191207'   \/><label for='answer-id-1191207' id='answer-label-1191207' class=' answer'><span>It gives users the ability to uninstall the sensor from a host<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304035[]' id='answer-id-1191208' class='answer   answerof-304035 ' value='1191208'   \/><label for='answer-id-1191208' id='answer-label-1191208' class=' answer'><span>It gives users the ability to allowlist a false positive detection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304035[]' id='answer-id-1191209' class='answer   answerof-304035 ' value='1191209'   \/><label for='answer-id-1191209' id='answer-label-1191209' class=' answer'><span>It gives users the ability to remove all data from hosts that have been uninstalled<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-304036'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>What impact does disabling detections on a host have on an API?<\/div><input type='hidden' name='question_id[]' id='qID_8' value='304036' \/><input type='hidden' id='answerType304036' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304036[]' id='answer-id-1191210' class='answer   answerof-304036 ' value='1191210'   \/><label for='answer-id-1191210' id='answer-label-1191210' class=' answer'><span>Endpoints with detections disabled will not alert on anything until detections are enabled again<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304036[]' id='answer-id-1191211' class='answer   answerof-304036 ' value='1191211'   \/><label for='answer-id-1191211' id='answer-label-1191211' class=' answer'><span>Endpoints cannot have their detections disabled individually<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304036[]' id='answer-id-1191212' class='answer   answerof-304036 ' value='1191212'   \/><label for='answer-id-1191212' id='answer-label-1191212' class=' answer'><span>DetectionSummaryEvent stops sending to the Streaming API for that host<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304036[]' id='answer-id-1191213' class='answer   answerof-304036 ' value='1191213'   \/><label for='answer-id-1191213' id='answer-label-1191213' class=' answer'><span>Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-304037'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='304037' \/><input type='hidden' id='answerType304037' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304037[]' id='answer-id-1191214' class='answer   answerof-304037 ' value='1191214'   \/><label for='answer-id-1191214' id='answer-label-1191214' class=' answer'><span>To group hosts with others in the same business unit<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304037[]' id='answer-id-1191215' class='answer   answerof-304037 ' value='1191215'   \/><label for='answer-id-1191215' id='answer-label-1191215' class=' answer'><span>To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304037[]' id='answer-id-1191216' class='answer   answerof-304037 ' value='1191216'   \/><label for='answer-id-1191216' id='answer-label-1191216' class=' answer'><span>To prioritize the order in which Falcon updates are installed, so that updates are not installed all at once leading to network congestion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304037[]' id='answer-id-1191217' class='answer   answerof-304037 ' value='1191217'   \/><label for='answer-id-1191217' id='answer-label-1191217' class=' answer'><span>To allow the controlled assignment of sensor versions onto specific hosts<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-304038'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>What command should be run to verify if a Windows sensor is running?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='304038' \/><input type='hidden' id='answerType304038' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304038[]' id='answer-id-1191218' class='answer   answerof-304038 ' value='1191218'   \/><label for='answer-id-1191218' id='answer-label-1191218' class=' answer'><span>regedit myfile.reg<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304038[]' id='answer-id-1191219' class='answer   answerof-304038 ' value='1191219'   \/><label for='answer-id-1191219' id='answer-label-1191219' class=' answer'><span>sc query csagent<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304038[]' id='answer-id-1191220' class='answer   answerof-304038 ' value='1191220'   \/><label for='answer-id-1191220' id='answer-label-1191220' class=' answer'><span>netstat -f<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304038[]' id='answer-id-1191221' class='answer   answerof-304038 ' value='1191221'   \/><label for='answer-id-1191221' id='answer-label-1191221' class=' answer'><span>ps -ef | grep falcon<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-304039'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>Under the &quot;Next-Gen Antivirus: Cloud Machine Learning&quot; setting there are two categories, one of them is &quot;Cloud Anti-Malware&quot; and the other is:<\/div><input type='hidden' name='question_id[]' id='qID_11' value='304039' \/><input type='hidden' id='answerType304039' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304039[]' id='answer-id-1191222' class='answer   answerof-304039 ' value='1191222'   \/><label for='answer-id-1191222' id='answer-label-1191222' class=' answer'><span>Adware &amp; PUP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304039[]' id='answer-id-1191223' class='answer   answerof-304039 ' value='1191223'   \/><label for='answer-id-1191223' id='answer-label-1191223' class=' answer'><span>Advanced Machine Learning<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304039[]' id='answer-id-1191224' class='answer   answerof-304039 ' value='1191224'   \/><label for='answer-id-1191224' id='answer-label-1191224' class=' answer'><span>Sensor Anti-Malware<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304039[]' id='answer-id-1191225' class='answer   answerof-304039 ' value='1191225'   \/><label for='answer-id-1191225' id='answer-label-1191225' class=' answer'><span>Execution Blocking<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-304040'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>What is the purpose of precedence with respect to the Sensor Update policy?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='304040' \/><input type='hidden' id='answerType304040' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304040[]' id='answer-id-1191226' class='answer   answerof-304040 ' value='1191226'   \/><label for='answer-id-1191226' id='answer-label-1191226' class=' answer'><span>Precedence applies to the Prevention policy and not to the Sensor Update policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304040[]' id='answer-id-1191227' class='answer   answerof-304040 ' value='1191227'   \/><label for='answer-id-1191227' id='answer-label-1191227' class=' answer'><span>Hosts assigned to multiple policies will assume the highest ranked policy in the list (policy with the lowest number)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304040[]' id='answer-id-1191228' class='answer   answerof-304040 ' value='1191228'   \/><label for='answer-id-1191228' id='answer-label-1191228' class=' answer'><span>Hosts assigned to multiple policies will assume the lowest ranked policy in the list (policy with the highest number)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304040[]' id='answer-id-1191229' class='answer   answerof-304040 ' value='1191229'   \/><label for='answer-id-1191229' id='answer-label-1191229' class=' answer'><span>Precedence ensures that conflicting policy settings are not set in the same policy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-304041'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>Which is the correct order for manually installing a Falcon Package on a macOS system?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='304041' \/><input type='hidden' id='answerType304041' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304041[]' id='answer-id-1191230' class='answer   answerof-304041 ' value='1191230'   \/><label for='answer-id-1191230' id='answer-label-1191230' class=' answer'><span>Install the Falcon package, then register the Falcon Sensor via the registration package<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304041[]' id='answer-id-1191231' class='answer   answerof-304041 ' value='1191231'   \/><label for='answer-id-1191231' id='answer-label-1191231' class=' answer'><span>Install the Falcon package, then register the Falcon Sensor via command line<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304041[]' id='answer-id-1191232' class='answer   answerof-304041 ' value='1191232'   \/><label for='answer-id-1191232' id='answer-label-1191232' class=' answer'><span>Register the Falcon Sensor via command line, then install the Falcon package<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304041[]' id='answer-id-1191233' class='answer   answerof-304041 ' value='1191233'   \/><label for='answer-id-1191233' id='answer-label-1191233' class=' answer'><span>Register the Falcon Sensor via the registration package, then install the Falcon package<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-304042'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='304042' \/><input type='hidden' id='answerType304042' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304042[]' id='answer-id-1191234' class='answer   answerof-304042 ' value='1191234'   \/><label for='answer-id-1191234' id='answer-label-1191234' class=' answer'><span>Maintenance token<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304042[]' id='answer-id-1191235' class='answer   answerof-304042 ' value='1191235'   \/><label for='answer-id-1191235' id='answer-label-1191235' class=' answer'><span>Customer ID (CID)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304042[]' id='answer-id-1191236' class='answer   answerof-304042 ' value='1191236'   \/><label for='answer-id-1191236' id='answer-label-1191236' class=' answer'><span>Bulk update key<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304042[]' id='answer-id-1191237' class='answer   answerof-304042 ' value='1191237'   \/><label for='answer-id-1191237' id='answer-label-1191237' class=' answer'><span>Agent ID (AID)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-304043'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>Which of the following Machine Learning (ML) sliders will only detect or prevent high confidence malicious items?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='304043' \/><input type='hidden' id='answerType304043' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304043[]' id='answer-id-1191238' class='answer   answerof-304043 ' value='1191238'   \/><label for='answer-id-1191238' id='answer-label-1191238' class=' answer'><span>Aggressive<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304043[]' id='answer-id-1191239' class='answer   answerof-304043 ' value='1191239'   \/><label for='answer-id-1191239' id='answer-label-1191239' class=' answer'><span>Cautious<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304043[]' id='answer-id-1191240' class='answer   answerof-304043 ' value='1191240'   \/><label for='answer-id-1191240' id='answer-label-1191240' class=' answer'><span>Minimal<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304043[]' id='answer-id-1191241' class='answer   answerof-304043 ' value='1191241'   \/><label for='answer-id-1191241' id='answer-label-1191241' class=' answer'><span>Moderate<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-304044'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. <br \/>\r<br>Which of the following parameters can be used to override the 20 minute default provisioning window?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='304044' \/><input type='hidden' id='answerType304044' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304044[]' id='answer-id-1191242' class='answer   answerof-304044 ' value='1191242'   \/><label for='answer-id-1191242' id='answer-label-1191242' class=' answer'><span>ExtendedWindow=1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304044[]' id='answer-id-1191243' class='answer   answerof-304044 ' value='1191243'   \/><label for='answer-id-1191243' id='answer-label-1191243' class=' answer'><span>Timeout=0<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304044[]' id='answer-id-1191244' class='answer   answerof-304044 ' value='1191244'   \/><label for='answer-id-1191244' id='answer-label-1191244' class=' answer'><span>ProvNoWait=1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304044[]' id='answer-id-1191245' class='answer   answerof-304044 ' value='1191245'   \/><label for='answer-id-1191245' id='answer-label-1191245' class=' answer'><span>Timeout=30<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-304045'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. <br \/>\r<br>What is the most appropriate role that can be added to fullfil this requirement?<\/div><input type='hidden' name='question_id[]' id='qID_17' value='304045' \/><input type='hidden' id='answerType304045' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304045[]' id='answer-id-1191246' class='answer   answerof-304045 ' value='1191246'   \/><label for='answer-id-1191246' id='answer-label-1191246' class=' answer'><span>Remediation Manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304045[]' id='answer-id-1191247' class='answer   answerof-304045 ' value='1191247'   \/><label for='answer-id-1191247' id='answer-label-1191247' class=' answer'><span>Real Time Responder C Read Only Analyst<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304045[]' id='answer-id-1191248' class='answer   answerof-304045 ' value='1191248'   \/><label for='answer-id-1191248' id='answer-label-1191248' class=' answer'><span>Falcon Analyst C Read Only<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304045[]' id='answer-id-1191249' class='answer   answerof-304045 ' value='1191249'   \/><label for='answer-id-1191249' id='answer-label-1191249' class=' answer'><span>Real Time Responder C Active Responder<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-304046'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>Which option allows you to exclude behavioral detections from the detections page?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='304046' \/><input type='hidden' id='answerType304046' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304046[]' id='answer-id-1191250' class='answer   answerof-304046 ' value='1191250'   \/><label for='answer-id-1191250' id='answer-label-1191250' class=' answer'><span>Machine Learning Exclusion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304046[]' id='answer-id-1191251' class='answer   answerof-304046 ' value='1191251'   \/><label for='answer-id-1191251' id='answer-label-1191251' class=' answer'><span>IOA Exclusion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304046[]' id='answer-id-1191252' class='answer   answerof-304046 ' value='1191252'   \/><label for='answer-id-1191252' id='answer-label-1191252' class=' answer'><span>IOC Exclusion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304046[]' id='answer-id-1191253' class='answer   answerof-304046 ' value='1191253'   \/><label for='answer-id-1191253' id='answer-label-1191253' class=' answer'><span>Sensor Visibility Exclusion<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-304047'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>Which role will allow someone to manage quarantine files?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='304047' \/><input type='hidden' id='answerType304047' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304047[]' id='answer-id-1191254' class='answer   answerof-304047 ' value='1191254'   \/><label for='answer-id-1191254' id='answer-label-1191254' class=' answer'><span>Falcon Security Lead<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304047[]' id='answer-id-1191255' class='answer   answerof-304047 ' value='1191255'   \/><label for='answer-id-1191255' id='answer-label-1191255' class=' answer'><span>Detections Exceptions Manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304047[]' id='answer-id-1191256' class='answer   answerof-304047 ' value='1191256'   \/><label for='answer-id-1191256' id='answer-label-1191256' class=' answer'><span>Falcon Analyst C Read Only<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304047[]' id='answer-id-1191257' class='answer   answerof-304047 ' value='1191257'   \/><label for='answer-id-1191257' id='answer-label-1191257' class=' answer'><span>Endpoint Manager<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-304048'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>When a host is placed in Network Containment, which of the following is TRUE?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='304048' \/><input type='hidden' id='answerType304048' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304048[]' id='answer-id-1191258' class='answer   answerof-304048 ' value='1191258'   \/><label for='answer-id-1191258' id='answer-label-1191258' class=' answer'><span>The host machine is unable to send or receive network traffic outside of the local network<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304048[]' id='answer-id-1191259' class='answer   answerof-304048 ' value='1191259'   \/><label for='answer-id-1191259' id='answer-label-1191259' class=' answer'><span>The host machine is unable to send or receive network traffic except to\/from the Falcon Cloud and traffic allowed in the Firewall Policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304048[]' id='answer-id-1191260' class='answer   answerof-304048 ' value='1191260'   \/><label for='answer-id-1191260' id='answer-label-1191260' class=' answer'><span>The host machine is unable to send or receive any network traffic<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304048[]' id='answer-id-1191261' class='answer   answerof-304048 ' value='1191261'   \/><label for='answer-id-1191261' id='answer-label-1191261' class=' answer'><span>The host machine is unable to send or receive network traffic except to\/from the Falcon Cloud and any resources allowlisted in the Containment Policy<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-304049'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>How do you disable all detections for a host?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='304049' \/><input type='hidden' id='answerType304049' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304049[]' id='answer-id-1191262' class='answer   answerof-304049 ' value='1191262'   \/><label for='answer-id-1191262' id='answer-label-1191262' class=' answer'><span>Create an exclusion rule and apply it to the machine or group of machines<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304049[]' id='answer-id-1191263' class='answer   answerof-304049 ' value='1191263'   \/><label for='answer-id-1191263' id='answer-label-1191263' class=' answer'><span>Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304049[]' id='answer-id-1191264' class='answer   answerof-304049 ' value='1191264'   \/><label for='answer-id-1191264' id='answer-label-1191264' class=' answer'><span>You cannot disable all detections on individual hosts as it would put them at risk<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304049[]' id='answer-id-1191265' class='answer   answerof-304049 ' value='1191265'   \/><label for='answer-id-1191265' id='answer-label-1191265' class=' answer'><span>In Host Management, select the host and then choose the option to Disable Detections<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-304050'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>In order to quarantine files on the host, what prevention policy settings must be enabled?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='304050' \/><input type='hidden' id='answerType304050' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304050[]' id='answer-id-1191266' class='answer   answerof-304050 ' value='1191266'   \/><label for='answer-id-1191266' id='answer-label-1191266' class=' answer'><span>Malware Protection and Custom Execution Blocking must be enabled<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304050[]' id='answer-id-1191267' class='answer   answerof-304050 ' value='1191267'   \/><label for='answer-id-1191267' id='answer-label-1191267' class=' answer'><span>Next-Gen Antivirus Prevention sliders and &quot;Quarantine &amp; Security Center Registration&quot; must be enabled<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304050[]' id='answer-id-1191268' class='answer   answerof-304050 ' value='1191268'   \/><label for='answer-id-1191268' id='answer-label-1191268' class=' answer'><span>Malware Protection and Windows Anti-Malware Execution Blocking must be enabled<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304050[]' id='answer-id-1191269' class='answer   answerof-304050 ' value='1191269'   \/><label for='answer-id-1191269' id='answer-label-1191269' class=' answer'><span>Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-304051'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>What is the maximum number of patterns that can be added when creating a new exclusion?<\/div><input type='hidden' name='question_id[]' id='qID_23' value='304051' \/><input type='hidden' id='answerType304051' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304051[]' id='answer-id-1191270' class='answer   answerof-304051 ' value='1191270'   \/><label for='answer-id-1191270' id='answer-label-1191270' class=' answer'><span>10<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304051[]' id='answer-id-1191271' class='answer   answerof-304051 ' value='1191271'   \/><label for='answer-id-1191271' id='answer-label-1191271' class=' answer'><span>0<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304051[]' id='answer-id-1191272' class='answer   answerof-304051 ' value='1191272'   \/><label for='answer-id-1191272' id='answer-label-1191272' class=' answer'><span>1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304051[]' id='answer-id-1191273' class='answer   answerof-304051 ' value='1191273'   \/><label for='answer-id-1191273' id='answer-label-1191273' class=' answer'><span>5<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-304052'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>Which of the following is TRUE of the Logon Activities Report?<\/div><input type='hidden' name='question_id[]' id='qID_24' value='304052' \/><input type='hidden' id='answerType304052' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304052[]' id='answer-id-1191274' class='answer   answerof-304052 ' value='1191274'   \/><label for='answer-id-1191274' id='answer-label-1191274' class=' answer'><span>Shows a graphical view of user logon activity and the hosts the user connected to<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304052[]' id='answer-id-1191275' class='answer   answerof-304052 ' value='1191275'   \/><label for='answer-id-1191275' id='answer-label-1191275' class=' answer'><span>The report can be filtered by computer name<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304052[]' id='answer-id-1191276' class='answer   answerof-304052 ' value='1191276'   \/><label for='answer-id-1191276' id='answer-label-1191276' class=' answer'><span>It gives a detailed list of all logon activity for users<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304052[]' id='answer-id-1191277' class='answer   answerof-304052 ' value='1191277'   \/><label for='answer-id-1191277' id='answer-label-1191277' class=' answer'><span>It only gives a summary of the last logon activity for users<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-304053'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>You have created a Sensor Update Policy for the Mac platform. <br \/>\r<br>Which other operating system(s) will this policy manage?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='304053' \/><input type='hidden' id='answerType304053' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304053[]' id='answer-id-1191278' class='answer   answerof-304053 ' value='1191278'   \/><label for='answer-id-1191278' id='answer-label-1191278' class=' answer'><span>*nix<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304053[]' id='answer-id-1191279' class='answer   answerof-304053 ' value='1191279'   \/><label for='answer-id-1191279' id='answer-label-1191279' class=' answer'><span>Windows<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304053[]' id='answer-id-1191280' class='answer   answerof-304053 ' value='1191280'   \/><label for='answer-id-1191280' id='answer-label-1191280' class=' answer'><span>Both Windows and *nix<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304053[]' id='answer-id-1191281' class='answer   answerof-304053 ' value='1191281'   \/><label for='answer-id-1191281' id='answer-label-1191281' class=' answer'><span>Only Mac<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-304054'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. <br \/>\r<br>What is the best way to prevent these in the future?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='304054' \/><input type='hidden' id='answerType304054' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304054[]' id='answer-id-1191282' class='answer   answerof-304054 ' value='1191282'   \/><label for='answer-id-1191282' id='answer-label-1191282' class=' answer'><span>Contact support and request that they modify the Machine Learning settings to no longer include this detection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304054[]' id='answer-id-1191283' class='answer   answerof-304054 ' value='1191283'   \/><label for='answer-id-1191283' id='answer-label-1191283' class=' answer'><span>Using IOC Management, add the hash of the binary in question and set the action to &quot;Allow&quot;<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304054[]' id='answer-id-1191284' class='answer   answerof-304054 ' value='1191284'   \/><label for='answer-id-1191284' id='answer-label-1191284' class=' answer'><span>Using IOC Management, add the hash of the binary in question and set the action to &quot;Block, hide detection&quot;<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304054[]' id='answer-id-1191285' class='answer   answerof-304054 ' value='1191285'   \/><label for='answer-id-1191285' id='answer-label-1191285' class=' answer'><span>Using IOC Management, add the hash of the binary in question and set the action to &quot;No Action&quot;<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-304055'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?<\/div><input type='hidden' name='question_id[]' id='qID_27' value='304055' \/><input type='hidden' id='answerType304055' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304055[]' id='answer-id-1191286' class='answer   answerof-304055 ' value='1191286'   \/><label for='answer-id-1191286' id='answer-label-1191286' class=' answer'><span>Falcon console updates are pending<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304055[]' id='answer-id-1191287' class='answer   answerof-304055 ' value='1191287'   \/><label for='answer-id-1191287' id='answer-label-1191287' class=' answer'><span>Falcon sensors installing an update<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304055[]' id='answer-id-1191288' class='answer   answerof-304055 ' value='1191288'   \/><label for='answer-id-1191288' id='answer-label-1191288' class=' answer'><span>Notifications have been disabled on that host sensor<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304055[]' id='answer-id-1191289' class='answer   answerof-304055 ' value='1191289'   \/><label for='answer-id-1191289' id='answer-label-1191289' class=' answer'><span>Microsoft updates<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-304056'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>When creating a Host Group for all Workstations in an environment, what is the best method to ensure all workstation hosts are added to the group?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='304056' \/><input type='hidden' id='answerType304056' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304056[]' id='answer-id-1191290' class='answer   answerof-304056 ' value='1191290'   \/><label for='answer-id-1191290' id='answer-label-1191290' class=' answer'><span>Create a Dynamic Group with Type=Workstation Assignment<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304056[]' id='answer-id-1191291' class='answer   answerof-304056 ' value='1191291'   \/><label for='answer-id-1191291' id='answer-label-1191291' class=' answer'><span>Create a Dynamic Group and Import All Workstations<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304056[]' id='answer-id-1191292' class='answer   answerof-304056 ' value='1191292'   \/><label for='answer-id-1191292' id='answer-label-1191292' class=' answer'><span>Create a Static Group and Import all Workstations<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304056[]' id='answer-id-1191293' class='answer   answerof-304056 ' value='1191293'   \/><label for='answer-id-1191293' id='answer-label-1191293' class=' answer'><span>Create a Static Group with Type=Workstation Assignment<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-304057'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>Which role allows a user to connect to hosts using Real-Time Response?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='304057' \/><input type='hidden' id='answerType304057' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304057[]' id='answer-id-1191294' class='answer   answerof-304057 ' value='1191294'   \/><label for='answer-id-1191294' id='answer-label-1191294' class=' answer'><span>Endpoint Manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304057[]' id='answer-id-1191295' class='answer   answerof-304057 ' value='1191295'   \/><label for='answer-id-1191295' id='answer-label-1191295' class=' answer'><span>Falcon Administrator<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304057[]' id='answer-id-1191296' class='answer   answerof-304057 ' value='1191296'   \/><label for='answer-id-1191296' id='answer-label-1191296' class=' answer'><span>Real Time Responder C Active Responder<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304057[]' id='answer-id-1191297' class='answer   answerof-304057 ' value='1191297'   \/><label for='answer-id-1191297' id='answer-label-1191297' class=' answer'><span>Prevention Hashes Manager<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-304058'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>Where can you modify settings to permit certain traffic during a containment period?<\/div><input type='hidden' name='question_id[]' id='qID_30' value='304058' \/><input type='hidden' id='answerType304058' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304058[]' id='answer-id-1191298' class='answer   answerof-304058 ' value='1191298'   \/><label for='answer-id-1191298' id='answer-label-1191298' class=' answer'><span>Prevention Policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304058[]' id='answer-id-1191299' class='answer   answerof-304058 ' value='1191299'   \/><label for='answer-id-1191299' id='answer-label-1191299' class=' answer'><span>Host Settings<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304058[]' id='answer-id-1191300' class='answer   answerof-304058 ' value='1191300'   \/><label for='answer-id-1191300' id='answer-label-1191300' class=' answer'><span>Containment Policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304058[]' id='answer-id-1191301' class='answer   answerof-304058 ' value='1191301'   \/><label for='answer-id-1191301' id='answer-label-1191301' class=' answer'><span>Firewall Settings<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-304059'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>Which of the following is a valid step when troubleshooting sensor installation failure?<\/div><input type='hidden' name='question_id[]' id='qID_31' value='304059' \/><input type='hidden' id='answerType304059' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304059[]' id='answer-id-1191302' class='answer   answerof-304059 ' value='1191302'   \/><label for='answer-id-1191302' id='answer-label-1191302' class=' answer'><span>Confirm all required services are running on the system<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304059[]' id='answer-id-1191303' class='answer   answerof-304059 ' value='1191303'   \/><label for='answer-id-1191303' id='answer-label-1191303' class=' answer'><span>Enable the Windows firewall<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304059[]' id='answer-id-1191304' class='answer   answerof-304059 ' value='1191304'   \/><label for='answer-id-1191304' id='answer-label-1191304' class=' answer'><span>Disable SSL and TLS on the host<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304059[]' id='answer-id-1191305' class='answer   answerof-304059 ' value='1191305'   \/><label for='answer-id-1191305' id='answer-label-1191305' class=' answer'><span>Delete any available application crash log files<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-304060'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>How many &quot;Auto&quot; sensor version update options are available for Windows Sensor Update Policies?<\/div><input type='hidden' name='question_id[]' id='qID_32' value='304060' \/><input type='hidden' id='answerType304060' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304060[]' id='answer-id-1191306' class='answer   answerof-304060 ' value='1191306'   \/><label for='answer-id-1191306' id='answer-label-1191306' class=' answer'><span>1<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304060[]' id='answer-id-1191307' class='answer   answerof-304060 ' value='1191307'   \/><label for='answer-id-1191307' id='answer-label-1191307' class=' answer'><span>2<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304060[]' id='answer-id-1191308' class='answer   answerof-304060 ' value='1191308'   \/><label for='answer-id-1191308' id='answer-label-1191308' class=' answer'><span>0<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304060[]' id='answer-id-1191309' class='answer   answerof-304060 ' value='1191309'   \/><label for='answer-id-1191309' id='answer-label-1191309' class=' answer'><span>3<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-304061'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>Where in the Falcon console can information about supported operating system versions be found?<\/div><input type='hidden' name='question_id[]' id='qID_33' value='304061' \/><input type='hidden' id='answerType304061' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304061[]' id='answer-id-1191310' class='answer   answerof-304061 ' value='1191310'   \/><label for='answer-id-1191310' id='answer-label-1191310' class=' answer'><span>Configuration module<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304061[]' id='answer-id-1191311' class='answer   answerof-304061 ' value='1191311'   \/><label for='answer-id-1191311' id='answer-label-1191311' class=' answer'><span>Intelligence module<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304061[]' id='answer-id-1191312' class='answer   answerof-304061 ' value='1191312'   \/><label for='answer-id-1191312' id='answer-label-1191312' class=' answer'><span>Support module<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304061[]' id='answer-id-1191313' class='answer   answerof-304061 ' value='1191313'   \/><label for='answer-id-1191313' id='answer-label-1191313' class=' answer'><span>Discover module<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-304062'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>Under which scenario can Sensor Tags be assigned?<\/div><input type='hidden' name='question_id[]' id='qID_34' value='304062' \/><input type='hidden' id='answerType304062' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304062[]' id='answer-id-1191314' class='answer   answerof-304062 ' value='1191314'   \/><label for='answer-id-1191314' id='answer-label-1191314' class=' answer'><span>While triaging a detection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304062[]' id='answer-id-1191315' class='answer   answerof-304062 ' value='1191315'   \/><label for='answer-id-1191315' id='answer-label-1191315' class=' answer'><span>While managing hosts in the Falcon console<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304062[]' id='answer-id-1191316' class='answer   answerof-304062 ' value='1191316'   \/><label for='answer-id-1191316' id='answer-label-1191316' class=' answer'><span>While updating a sensor in the Falcon console<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304062[]' id='answer-id-1191317' class='answer   answerof-304062 ' value='1191317'   \/><label for='answer-id-1191317' id='answer-label-1191317' class=' answer'><span>While installing a sensor<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-304063'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>How can a Falcon Administrator configure a pop-up message to be displayed on a host when the Falcon sensor blocks, kills or quarantines an activity?<\/div><input type='hidden' name='question_id[]' id='qID_35' value='304063' \/><input type='hidden' id='answerType304063' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304063[]' id='answer-id-1191318' class='answer   answerof-304063 ' value='1191318'   \/><label for='answer-id-1191318' id='answer-label-1191318' class=' answer'><span>By ensuring each user has set the &quot;pop-ups allowed&quot; in their User Profile configuration page<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304063[]' id='answer-id-1191319' class='answer   answerof-304063 ' value='1191319'   \/><label for='answer-id-1191319' id='answer-label-1191319' class=' answer'><span>By enabling &quot;Upload quarantined files&quot; in the General Settings configuration page<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304063[]' id='answer-id-1191320' class='answer   answerof-304063 ' value='1191320'   \/><label for='answer-id-1191320' id='answer-label-1191320' class=' answer'><span>By turning on the &quot;Notify End Users&quot; setting at the top of the Prevention policy details configuration page<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304063[]' id='answer-id-1191321' class='answer   answerof-304063 ' value='1191321'   \/><label for='answer-id-1191321' id='answer-label-1191321' class=' answer'><span>By selecting &quot;Enable pop-up messages&quot; from the User configuration page<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-304064'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called &quot;devcode.&quot; <br \/>\r<br>What setting can you use to reduce false positives on this file path?<\/div><input type='hidden' name='question_id[]' id='qID_36' value='304064' \/><input type='hidden' id='answerType304064' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304064[]' id='answer-id-1191322' class='answer   answerof-304064 ' value='1191322'   \/><label for='answer-id-1191322' id='answer-label-1191322' class=' answer'><span>USB Device Policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304064[]' id='answer-id-1191323' class='answer   answerof-304064 ' value='1191323'   \/><label for='answer-id-1191323' id='answer-label-1191323' class=' answer'><span>Firewall Rule Group<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304064[]' id='answer-id-1191324' class='answer   answerof-304064 ' value='1191324'   \/><label for='answer-id-1191324' id='answer-label-1191324' class=' answer'><span>Containment Policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304064[]' id='answer-id-1191325' class='answer   answerof-304064 ' value='1191325'   \/><label for='answer-id-1191325' id='answer-label-1191325' class=' answer'><span>Machine Learning Exclusions<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-304065'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>What is the primary purpose of using glob syntax in an exclusion?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='304065' \/><input type='hidden' id='answerType304065' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304065[]' id='answer-id-1191326' class='answer   answerof-304065 ' value='1191326'   \/><label for='answer-id-1191326' id='answer-label-1191326' class=' answer'><span>To specify a Domain be excluded from detections<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304065[]' id='answer-id-1191327' class='answer   answerof-304065 ' value='1191327'   \/><label for='answer-id-1191327' id='answer-label-1191327' class=' answer'><span>To specify exclusion patterns to easily exclude files and folders and extensions from detections<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304065[]' id='answer-id-1191328' class='answer   answerof-304065 ' value='1191328'   \/><label for='answer-id-1191328' id='answer-label-1191328' class=' answer'><span>To specify exclusion patterns to easily add files and folders and extensions to be prevented<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304065[]' id='answer-id-1191329' class='answer   answerof-304065 ' value='1191329'   \/><label for='answer-id-1191329' id='answer-label-1191329' class=' answer'><span>To specify a network share be excluded from detections<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-304066'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?<\/div><input type='hidden' name='question_id[]' id='qID_38' value='304066' \/><input type='hidden' id='answerType304066' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304066[]' id='answer-id-1191330' class='answer   answerof-304066 ' value='1191330'   \/><label for='answer-id-1191330' id='answer-label-1191330' class=' answer'><span>Next-Gen Antivirus (NGAV) protection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304066[]' id='answer-id-1191331' class='answer   answerof-304066 ' value='1191331'   \/><label for='answer-id-1191331' id='answer-label-1191331' class=' answer'><span>Adware and Potentially Unwanted Program detection and prevention<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304066[]' id='answer-id-1191332' class='answer   answerof-304066 ' value='1191332'   \/><label for='answer-id-1191332' id='answer-label-1191332' class=' answer'><span>Real-time offline protection<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304066[]' id='answer-id-1191333' class='answer   answerof-304066 ' value='1191333'   \/><label for='answer-id-1191333' id='answer-label-1191333' class=' answer'><span>Identification and analysis of unknown executables<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-304067'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>On a Windows host, what is the best command to determine if the sensor is currently running?<\/div><input type='hidden' name='question_id[]' id='qID_39' value='304067' \/><input type='hidden' id='answerType304067' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304067[]' id='answer-id-1191334' class='answer   answerof-304067 ' value='1191334'   \/><label for='answer-id-1191334' id='answer-label-1191334' class=' answer'><span>sc query csagent<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304067[]' id='answer-id-1191335' class='answer   answerof-304067 ' value='1191335'   \/><label for='answer-id-1191335' id='answer-label-1191335' class=' answer'><span>netstat -a<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304067[]' id='answer-id-1191336' class='answer   answerof-304067 ' value='1191336'   \/><label for='answer-id-1191336' id='answer-label-1191336' class=' answer'><span>This cannot be accomplished with a command<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304067[]' id='answer-id-1191337' class='answer   answerof-304067 ' value='1191337'   \/><label for='answer-id-1191337' id='answer-label-1191337' class=' answer'><span>ping falcon.crowdstrike.com<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-40' style=';'><div id='questionWrap-40'  class='   watupro-question-id-304068'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>40. <\/span>Even though you are a Falcon Administrator, you discover you are unable to use the &quot;Connect to Host&quot; feature to gather additional information which is only available on the host. <br \/>\r<br>Which role do you need added to your user account to have this capability?<\/div><input type='hidden' name='question_id[]' id='qID_40' value='304068' \/><input type='hidden' id='answerType304068' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304068[]' id='answer-id-1191338' class='answer   answerof-304068 ' value='1191338'   \/><label for='answer-id-1191338' id='answer-label-1191338' class=' answer'><span>Real Time Responder<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304068[]' id='answer-id-1191339' class='answer   answerof-304068 ' value='1191339'   \/><label for='answer-id-1191339' id='answer-label-1191339' class=' answer'><span>Endpoint Manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304068[]' id='answer-id-1191340' class='answer   answerof-304068 ' value='1191340'   \/><label for='answer-id-1191340' id='answer-label-1191340' class=' answer'><span>Falcon Investigator<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304068[]' id='answer-id-1191341' class='answer   answerof-304068 ' value='1191341'   \/><label for='answer-id-1191341' id='answer-label-1191341' class=' answer'><span>Remediation Manager<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-41' style=';'><div id='questionWrap-41'  class='   watupro-question-id-304069'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>41. <\/span>Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?<\/div><input type='hidden' name='question_id[]' id='qID_41' value='304069' \/><input type='hidden' id='answerType304069' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304069[]' id='answer-id-1191342' class='answer   answerof-304069 ' value='1191342'   \/><label for='answer-id-1191342' id='answer-label-1191342' class=' answer'><span>TCP port 22 (SSH)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304069[]' id='answer-id-1191343' class='answer   answerof-304069 ' value='1191343'   \/><label for='answer-id-1191343' id='answer-label-1191343' class=' answer'><span>TCP port 443 (HTTPS)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304069[]' id='answer-id-1191344' class='answer   answerof-304069 ' value='1191344'   \/><label for='answer-id-1191344' id='answer-label-1191344' class=' answer'><span>TCP port 80 (HTTP)<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304069[]' id='answer-id-1191345' class='answer   answerof-304069 ' value='1191345'   \/><label for='answer-id-1191345' id='answer-label-1191345' class=' answer'><span>TCP UDP port 53 (DNS)<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-42' style=';'><div id='questionWrap-42'  class='   watupro-question-id-304070'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>42. <\/span>What type of information is found in the Linux Sensors Dashboard?<\/div><input type='hidden' name='question_id[]' id='qID_42' value='304070' \/><input type='hidden' id='answerType304070' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304070[]' id='answer-id-1191346' class='answer   answerof-304070 ' value='1191346'   \/><label for='answer-id-1191346' id='answer-label-1191346' class=' answer'><span>Hosts by Kernel Version, Shells spawned by Root, Wget\/Curl Usage<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304070[]' id='answer-id-1191347' class='answer   answerof-304070 ' value='1191347'   \/><label for='answer-id-1191347' id='answer-label-1191347' class=' answer'><span>Hidden File execution, Execution of file from the trash, Versions Running with ComputerNames<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304070[]' id='answer-id-1191348' class='answer   answerof-304070 ' value='1191348'   \/><label for='answer-id-1191348' id='answer-label-1191348' class=' answer'><span>Versions running, Directory Made Invisible to Spotlight, Logging\/Auditing Referenced, Viewed, or Modified<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304070[]' id='answer-id-1191349' class='answer   answerof-304070 ' value='1191349'   \/><label for='answer-id-1191349' id='answer-label-1191349' class=' answer'><span>Private Information Accessed, Archiving Tools C Exfil, Files Made Executable<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-43' style=';'><div id='questionWrap-43'  class='   watupro-question-id-304071'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>43. <\/span>How long are detection events kept in Falcon?<\/div><input type='hidden' name='question_id[]' id='qID_43' value='304071' \/><input type='hidden' id='answerType304071' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304071[]' id='answer-id-1191350' class='answer   answerof-304071 ' value='1191350'   \/><label for='answer-id-1191350' id='answer-label-1191350' class=' answer'><span>Detection events are kept for 90 days<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304071[]' id='answer-id-1191351' class='answer   answerof-304071 ' value='1191351'   \/><label for='answer-id-1191351' id='answer-label-1191351' class=' answer'><span>Detections events are kept for your subscribed data retention period<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304071[]' id='answer-id-1191352' class='answer   answerof-304071 ' value='1191352'   \/><label for='answer-id-1191352' id='answer-label-1191352' class=' answer'><span>Detection events are kept for 7 days<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304071[]' id='answer-id-1191353' class='answer   answerof-304071 ' value='1191353'   \/><label for='answer-id-1191353' id='answer-label-1191353' class=' answer'><span>Detection events are kept for 30 days<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-44' style=';'><div id='questionWrap-44'  class='   watupro-question-id-304072'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>44. <\/span>What can the Quarantine Manager role do?<\/div><input type='hidden' name='question_id[]' id='qID_44' value='304072' \/><input type='hidden' id='answerType304072' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304072[]' id='answer-id-1191354' class='answer   answerof-304072 ' value='1191354'   \/><label for='answer-id-1191354' id='answer-label-1191354' class=' answer'><span>Manage and change prevention settings<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304072[]' id='answer-id-1191355' class='answer   answerof-304072 ' value='1191355'   \/><label for='answer-id-1191355' id='answer-label-1191355' class=' answer'><span>Manage quarantined files to release and download<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304072[]' id='answer-id-1191356' class='answer   answerof-304072 ' value='1191356'   \/><label for='answer-id-1191356' id='answer-label-1191356' class=' answer'><span>Manage detection settings<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304072[]' id='answer-id-1191357' class='answer   answerof-304072 ' value='1191357'   \/><label for='answer-id-1191357' id='answer-label-1191357' class=' answer'><span>Manage roles and users<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-45' style=';'><div id='questionWrap-45'  class='   watupro-question-id-304073'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>45. <\/span>How do you find a list of inactive sensors?<\/div><input type='hidden' name='question_id[]' id='qID_45' value='304073' \/><input type='hidden' id='answerType304073' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304073[]' id='answer-id-1191358' class='answer   answerof-304073 ' value='1191358'   \/><label for='answer-id-1191358' id='answer-label-1191358' class=' answer'><span>The Falcon platform does not provide reporting for inactive sensors<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304073[]' id='answer-id-1191359' class='answer   answerof-304073 ' value='1191359'   \/><label for='answer-id-1191359' id='answer-label-1191359' class=' answer'><span>A sensor is always considered active until removed by an Administrator<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304073[]' id='answer-id-1191360' class='answer   answerof-304073 ' value='1191360'   \/><label for='answer-id-1191360' id='answer-label-1191360' class=' answer'><span>Run the Inactive Sensor Report in the Host setup and management option<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304073[]' id='answer-id-1191361' class='answer   answerof-304073 ' value='1191361'   \/><label for='answer-id-1191361' id='answer-label-1191361' class=' answer'><span>Run the Sensor Aging Report within the Investigate option<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-46' style=';'><div id='questionWrap-46'  class='   watupro-question-id-304074'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>46. <\/span>The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. <br \/>\r<br>Which statement is TRUE concerning Falcon sensor certificate validation?<\/div><input type='hidden' name='question_id[]' id='qID_46' value='304074' \/><input type='hidden' id='answerType304074' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304074[]' id='answer-id-1191362' class='answer   answerof-304074 ' value='1191362'   \/><label for='answer-id-1191362' id='answer-label-1191362' class=' answer'><span>SSL inspection should be configured to occur on all Falcon traffic<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304074[]' id='answer-id-1191363' class='answer   answerof-304074 ' value='1191363'   \/><label for='answer-id-1191363' id='answer-label-1191363' class=' answer'><span>Some network configurations, such as deep packet inspection, interfere with certificate validation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304074[]' id='answer-id-1191364' class='answer   answerof-304074 ' value='1191364'   \/><label for='answer-id-1191364' id='answer-label-1191364' class=' answer'><span>HTTPS interception should be enabled to proceed with certificate validation<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304074[]' id='answer-id-1191365' class='answer   answerof-304074 ' value='1191365'   \/><label for='answer-id-1191365' id='answer-label-1191365' class=' answer'><span>Common sources of interference with certificate pinning include protocol race conditions and resource contention<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-47' style=';'><div id='questionWrap-47'  class='   watupro-question-id-304075'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>47. <\/span>You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message. <br \/>\r<br>What is the best way to update the workflow?<\/div><input type='hidden' name='question_id[]' id='qID_47' value='304075' \/><input type='hidden' id='answerType304075' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304075[]' id='answer-id-1191366' class='answer   answerof-304075 ' value='1191366'   \/><label for='answer-id-1191366' id='answer-label-1191366' class=' answer'><span>Clone the workflow and replace the existing email with your CISO's email<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304075[]' id='answer-id-1191367' class='answer   answerof-304075 ' value='1191367'   \/><label for='answer-id-1191367' id='answer-label-1191367' class=' answer'><span>Add a sequential action to send a custom email to your CISO<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304075[]' id='answer-id-1191368' class='answer   answerof-304075 ' value='1191368'   \/><label for='answer-id-1191368' id='answer-label-1191368' class=' answer'><span>Add a parallel action to send a custom email to your CISO<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304075[]' id='answer-id-1191369' class='answer   answerof-304075 ' value='1191369'   \/><label for='answer-id-1191369' id='answer-label-1191369' class=' answer'><span>Add the CISO's email to the existing action<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-48' style=';'><div id='questionWrap-48'  class='   watupro-question-id-304076'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>48. <\/span>You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they are not allowed to run in your environment. You have chosen to use Falcon to do this. <br \/>\r<br>Which is the best way to accomplish this?<\/div><input type='hidden' name='question_id[]' id='qID_48' value='304076' \/><input type='hidden' id='answerType304076' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304076[]' id='answer-id-1191370' class='answer   answerof-304076 ' value='1191370'   \/><label for='answer-id-1191370' id='answer-label-1191370' class=' answer'><span>Using the Support Portal, create a support ticket and include the list of binary hashes, asking support to create an &quot;Execution Prevention&quot; rule to prevent these processes from running<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304076[]' id='answer-id-1191371' class='answer   answerof-304076 ' value='1191371'   \/><label for='answer-id-1191371' id='answer-label-1191371' class=' answer'><span>Using Custom Alerts in the Investigate App, create a new alert using the template&quot;Process Execution&quot; and within that rule, select the option to &quot;Block Execution&quot;<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304076[]' id='answer-id-1191372' class='answer   answerof-304076 ' value='1191372'   \/><label for='answer-id-1191372' id='answer-label-1191372' class=' answer'><span>Using IOC Management, gather the list of SHA256 or MD5 hashes for each binary and then upload them. Set all hashes to &quot;Block&quot; and ensure that the prevention policy these computers are using includes the option for &quot;Custom Blocking&quot; under Execution Blocking.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304076[]' id='answer-id-1191373' class='answer   answerof-304076 ' value='1191373'   \/><label for='answer-id-1191373' id='answer-label-1191373' class=' answer'><span>Using the API, gather the list of SHA256 or MD5 hashes for each binary and then upload them, setting them all to &quot;Never Allow&quot;<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-49' style=';'><div id='questionWrap-49'  class='   watupro-question-id-304077'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>49. <\/span>Which is a filter within the Host setup and management &gt; Host management page?<\/div><input type='hidden' name='question_id[]' id='qID_49' value='304077' \/><input type='hidden' id='answerType304077' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304077[]' id='answer-id-1191374' class='answer   answerof-304077 ' value='1191374'   \/><label for='answer-id-1191374' id='answer-label-1191374' class=' answer'><span>User name<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304077[]' id='answer-id-1191375' class='answer   answerof-304077 ' value='1191375'   \/><label for='answer-id-1191375' id='answer-label-1191375' class=' answer'><span>OU<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304077[]' id='answer-id-1191376' class='answer   answerof-304077 ' value='1191376'   \/><label for='answer-id-1191376' id='answer-label-1191376' class=' answer'><span>BIOS Version<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304077[]' id='answer-id-1191377' class='answer   answerof-304077 ' value='1191377'   \/><label for='answer-id-1191377' id='answer-label-1191377' class=' answer'><span>Locality<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-50' style=';'><div id='questionWrap-50'  class='   watupro-question-id-304078'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>50. <\/span>How do you assign a Prevention policy to one or more hosts?<\/div><input type='hidden' name='question_id[]' id='qID_50' value='304078' \/><input type='hidden' id='answerType304078' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304078[]' id='answer-id-1191378' class='answer   answerof-304078 ' value='1191378'   \/><label for='answer-id-1191378' id='answer-label-1191378' class=' answer'><span>Create a new policy and assign it directly to those hosts on the Host Management page<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304078[]' id='answer-id-1191379' class='answer   answerof-304078 ' value='1191379'   \/><label for='answer-id-1191379' id='answer-label-1191379' class=' answer'><span>Modify the users roles on the User Management page<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304078[]' id='answer-id-1191380' class='answer   answerof-304078 ' value='1191380'   \/><label for='answer-id-1191380' id='answer-label-1191380' class=' answer'><span>Ensure the hosts are in a group and assign that group to a custom Prevention policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304078[]' id='answer-id-1191381' class='answer   answerof-304078 ' value='1191381'   \/><label for='answer-id-1191381' id='answer-label-1191381' class=' answer'><span>Create a new policy and assign it directly to those hosts on the Prevention policy page<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-51' style=';'><div id='questionWrap-51'  class='   watupro-question-id-304079'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>51. <\/span>Where do you obtain the Windows sensor installer for CrowdStrike Falcon?<\/div><input type='hidden' name='question_id[]' id='qID_51' value='304079' \/><input type='hidden' id='answerType304079' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304079[]' id='answer-id-1191382' class='answer   answerof-304079 ' value='1191382'   \/><label for='answer-id-1191382' id='answer-label-1191382' class=' answer'><span>Sensors are downloaded from the Hosts &gt; Sensor Downloads<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304079[]' id='answer-id-1191383' class='answer   answerof-304079 ' value='1191383'   \/><label for='answer-id-1191383' id='answer-label-1191383' class=' answer'><span>Sensor installers are unique to each customer and must be obtained from support<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304079[]' id='answer-id-1191384' class='answer   answerof-304079 ' value='1191384'   \/><label for='answer-id-1191384' id='answer-label-1191384' class=' answer'><span>Sensor installers are downloaded from the Support section of the CrowdStrike website<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304079[]' id='answer-id-1191385' class='answer   answerof-304079 ' value='1191385'   \/><label for='answer-id-1191385' id='answer-label-1191385' class=' answer'><span>Sensor installers are not used because sensors are deployed from within Falcon<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-52' style=';'><div id='questionWrap-52'  class='   watupro-question-id-304080'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>52. <\/span>Which of the following applies to Custom Blocking Prevention Policy settings?<\/div><input type='hidden' name='question_id[]' id='qID_52' value='304080' \/><input type='hidden' id='answerType304080' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304080[]' id='answer-id-1191386' class='answer   answerof-304080 ' value='1191386'   \/><label for='answer-id-1191386' id='answer-label-1191386' class=' answer'><span>Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304080[]' id='answer-id-1191387' class='answer   answerof-304080 ' value='1191387'   \/><label for='answer-id-1191387' id='answer-label-1191387' class=' answer'><span>Blocklisting applies to hashes, IP addresses, and domains<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304080[]' id='answer-id-1191388' class='answer   answerof-304080 ' value='1191388'   \/><label for='answer-id-1191388' id='answer-label-1191388' class=' answer'><span>Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304080[]' id='answer-id-1191389' class='answer   answerof-304080 ' value='1191389'   \/><label for='answer-id-1191389' id='answer-label-1191389' class=' answer'><span>You can only blocklist hashes via the API<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-53' style=';'><div id='questionWrap-53'  class='   watupro-question-id-304081'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>53. <\/span>An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?<\/div><input type='hidden' name='question_id[]' id='qID_53' value='304081' \/><input type='hidden' id='answerType304081' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304081[]' id='answer-id-1191390' class='answer   answerof-304081 ' value='1191390'   \/><label for='answer-id-1191390' id='answer-label-1191390' class=' answer'><span>File exclusions are not aligned to groups or hosts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304081[]' id='answer-id-1191391' class='answer   answerof-304081 ' value='1191391'   \/><label for='answer-id-1191391' id='answer-label-1191391' class=' answer'><span>There is a limit of three groups of hosts applied to any exclusion<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304081[]' id='answer-id-1191392' class='answer   answerof-304081 ' value='1191392'   \/><label for='answer-id-1191392' id='answer-label-1191392' class=' answer'><span>There is no limit and exclusions can be applied to any or all groups<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304081[]' id='answer-id-1191393' class='answer   answerof-304081 ' value='1191393'   \/><label for='answer-id-1191393' id='answer-label-1191393' class=' answer'><span>Each exclusion can be aligned to only one group of hosts<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-54' style=';'><div id='questionWrap-54'  class='   watupro-question-id-304082'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>54. <\/span>Why is it critical to have separate sensor update policies for Windows\/Mac\/*nix?<\/div><input type='hidden' name='question_id[]' id='qID_54' value='304082' \/><input type='hidden' id='answerType304082' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304082[]' id='answer-id-1191394' class='answer   answerof-304082 ' value='1191394'   \/><label for='answer-id-1191394' id='answer-label-1191394' class=' answer'><span>There may be special considerations for each OS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304082[]' id='answer-id-1191395' class='answer   answerof-304082 ' value='1191395'   \/><label for='answer-id-1191395' id='answer-label-1191395' class=' answer'><span>To assist with testing and tracking sensor rollouts<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304082[]' id='answer-id-1191396' class='answer   answerof-304082 ' value='1191396'   \/><label for='answer-id-1191396' id='answer-label-1191396' class=' answer'><span>The network protocols are different for each host OS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304082[]' id='answer-id-1191397' class='answer   answerof-304082 ' value='1191397'   \/><label for='answer-id-1191397' id='answer-label-1191397' class=' answer'><span>It is an auditing requirement<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-55' style=';'><div id='questionWrap-55'  class='   watupro-question-id-304083'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>55. <\/span>What information is provided in Logan Activities under Visibility Reports?<\/div><input type='hidden' name='question_id[]' id='qID_55' value='304083' \/><input type='hidden' id='answerType304083' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304083[]' id='answer-id-1191398' class='answer   answerof-304083 ' value='1191398'   \/><label for='answer-id-1191398' id='answer-label-1191398' class=' answer'><span>A list of all logons for all users<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304083[]' id='answer-id-1191399' class='answer   answerof-304083 ' value='1191399'   \/><label for='answer-id-1191399' id='answer-label-1191399' class=' answer'><span>A list of last endpoints that a user logged in to<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304083[]' id='answer-id-1191400' class='answer   answerof-304083 ' value='1191400'   \/><label for='answer-id-1191400' id='answer-label-1191400' class=' answer'><span>A list of users who are remotely logged on to devices based on local IP and local port<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-304083[]' id='answer-id-1191401' class='answer   answerof-304083 ' value='1191401'   \/><label for='answer-id-1191401' id='answer-label-1191401' class=' answer'><span>A list of unique users who are remotely logged on to devices based on the country<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-56'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons8063\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"8063\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-09 13:12:41\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1778332361\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"304029:1191182,1191183,1191184,1191185 | 304030:1191186,1191187,1191188,1191189 | 304031:1191190,1191191,1191192,1191193 | 304032:1191194,1191195,1191196,1191197 | 304033:1191198,1191199,1191200,1191201 | 304034:1191202,1191203,1191204,1191205 | 304035:1191206,1191207,1191208,1191209 | 304036:1191210,1191211,1191212,1191213 | 304037:1191214,1191215,1191216,1191217 | 304038:1191218,1191219,1191220,1191221 | 304039:1191222,1191223,1191224,1191225 | 304040:1191226,1191227,1191228,1191229 | 304041:1191230,1191231,1191232,1191233 | 304042:1191234,1191235,1191236,1191237 | 304043:1191238,1191239,1191240,1191241 | 304044:1191242,1191243,1191244,1191245 | 304045:1191246,1191247,1191248,1191249 | 304046:1191250,1191251,1191252,1191253 | 304047:1191254,1191255,1191256,1191257 | 304048:1191258,1191259,1191260,1191261 | 304049:1191262,1191263,1191264,1191265 | 304050:1191266,1191267,1191268,1191269 | 304051:1191270,1191271,1191272,1191273 | 304052:1191274,1191275,1191276,1191277 | 304053:1191278,1191279,1191280,1191281 | 304054:1191282,1191283,1191284,1191285 | 304055:1191286,1191287,1191288,1191289 | 304056:1191290,1191291,1191292,1191293 | 304057:1191294,1191295,1191296,1191297 | 304058:1191298,1191299,1191300,1191301 | 304059:1191302,1191303,1191304,1191305 | 304060:1191306,1191307,1191308,1191309 | 304061:1191310,1191311,1191312,1191313 | 304062:1191314,1191315,1191316,1191317 | 304063:1191318,1191319,1191320,1191321 | 304064:1191322,1191323,1191324,1191325 | 304065:1191326,1191327,1191328,1191329 | 304066:1191330,1191331,1191332,1191333 | 304067:1191334,1191335,1191336,1191337 | 304068:1191338,1191339,1191340,1191341 | 304069:1191342,1191343,1191344,1191345 | 304070:1191346,1191347,1191348,1191349 | 304071:1191350,1191351,1191352,1191353 | 304072:1191354,1191355,1191356,1191357 | 304073:1191358,1191359,1191360,1191361 | 304074:1191362,1191363,1191364,1191365 | 304075:1191366,1191367,1191368,1191369 | 304076:1191370,1191371,1191372,1191373 | 304077:1191374,1191375,1191376,1191377 | 304078:1191378,1191379,1191380,1191381 | 304079:1191382,1191383,1191384,1191385 | 304080:1191386,1191387,1191388,1191389 | 304081:1191390,1191391,1191392,1191393 | 304082:1191394,1191395,1191396,1191397 | 304083:1191398,1191399,1191400,1191401\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"304029,304030,304031,304032,304033,304034,304035,304036,304037,304038,304039,304040,304041,304042,304043,304044,304045,304046,304047,304048,304049,304050,304051,304052,304053,304054,304055,304056,304057,304058,304059,304060,304061,304062,304063,304064,304065,304066,304067,304068,304069,304070,304071,304072,304073,304074,304075,304076,304077,304078,304079,304080,304081,304082,304083\";\nWatuPROSettings[8063] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 8063;\t    \nWatuPRO.post_id = 95829;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.21181500 1778332361\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(8063);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n","protected":false},"excerpt":{"rendered":"<p>Efficiently prepare for your CrowdStrike Certified Falcon Administrator (CCFA) certification exam and overcome various challenges by using the most updated CCFA-200 dumps. DumpsBase\u2019s CCFA-200 dumps (V12.03) come with 152 practice exam questions and answers, helping you explore the latest CCFA-200 exam questions and get remarkable scores in the actual exam. Thoroughly practice all the CCFA-200 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14748,14749],"tags":[14746,18182],"class_list":["post-95829","post","type-post","status-publish","format-standard","hentry","category-crowdstrike","category-crowdstrike-falcon-certification-program","tag-ccfa-200-exam-dumps","tag-crowdstrike-certified-falcon-administrator-ccfa"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/95829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=95829"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/95829\/revisions"}],"predecessor-version":[{"id":95830,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/95829\/revisions\/95830"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=95829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=95829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=95829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}