TEST BORRADO, QUIZÁS LE INTERESE: Advanced Host Management & Setup Questions CCFA
COMENTARIOS |
ESTADÍSTICAS |
RÉCORDS
|
|---|
REALIZAR TEST
|
Título del Test:
Advanced Host Management & Setup Questions CCFA Descripción: Advanced Host Management & Setup Questions CCFA Autor: David OTROS TESTS DEL AUTOR Fecha de Creación: 11/12/2024 Categoría: Informática Número Preguntas: 20 |
COMPARTE EL TEST
Comentar
No hay ningún comentario sobre este test.
Temario:
|
Which report in the Falcon console allows you to identify hosts that have not communicated with the Falcon cloud in a specific time frame? Sensor Health Report Inactive Sensor Report Host Communication Report Endpoint Activity Report. What should you do if a host remains inactive in the Falcon console for more than 45 days? Reassign the host to a different group with a more aggressive policy. Remove the host from the console to free up resources. Disable the host's sensor to prevent unnecessary alerts. Investigate network connectivity and ensure the host can communicate with the Falcon cloud. How long are inactive sensors retained in the Falcon console before they are automatically removed? 15 days 30 days 45 days 60 days. Which of the following actions could cause a sensor to be marked as inactive in the Falcon console? The host undergoes a major operating system upgrade. The sensor fails to communicate with the Falcon cloud for more than 45 days. The host is moved to a different geographic region. The sensor is manually paused by an administrator. Which scenario would most likely require the manual reactivation of a sensor in the Falcon console? The host was offline for an extended period and failed to receive updates. The sensor was incorrectly assigned to a group with conflicting policies. The sensor has been disabled due to tamper protection settings. The host's operating system was reinstalled, and the sensor was not set to start automatically. Which of the following could cause a host to be placed into Reduced Functionality Mode (RFM)? A manual pause of the sensor's activity by the administrator. A misconfigured firewall blocking the sensor's communication with the Falcon cloud. A kernel update that is not supported by the currently installed sensor. An outdated sensor version that requires a manual update. How can you identify which hosts have recently been placed in Reduced Functionality Mode (RFM)? Use the Sensor Health Dashboard and filter by RFM status. Generate a report on host activity over the past 24 hours. Run a query in the Falcon console's API to list hosts in RFM. Manually check the status of each host in the Host Management page. What is the impact of disabling detections on a host in the Falcon console? The host will no longer send any data to the Falcon cloud. The host will be removed from all existing groups and policies. The detections are disabled temporarily and automatically re-enabled after 24 hours The host will no longer generate alerts, but the sensor continues to collect data silently. How would you disable detections for a host without affecting other hosts in the same group? Navigate to Host Management, select the host, and disable detections in the host's specific settings. Modify the detection settings for the entire group and manually exclude the other hosts. Create a custom policy that excludes the selected host and apply it. Use the Falcon API to disable detections programmatically for the specific host. What is the purpose of the "Agent Rollback" feature in the Falcon console? To restore a host's operating system to a previous state To revert a host's sensor to a previous stable version if issues are detected after an update. To undo policy changes applied to a specific host or group. To roll back the Falcon console to a previous configuration. Where can you locate a list of hosts that are currently in Reduced Functionality Mode (RFM)? Host Setup and Management > Manage Endpoints > Inactive Sensors Investigate > Hosts > RFM Filter Dashboards and Reports > Sensor Health Dashboard Endpoint Security > Monitor > Host Status. How can you troubleshoot a sensor that is not appearing in the Falcon console despite being installed? Manually trigger a sensor update from the Falcon console. Reinstall the Falcon console on the host machine. Verify that the host has an active internet connection and can reach the Falcon cloud. Disable the sensor and then re-enable it from the console. What should be done if a host remains inactive in the Falcon console for an extended period? Disable the host's sensor to prevent unnecessary alerts. Reassign the host to a different group with a more aggressive policy. Remove the host from the console to free up resources. Check network connectivity and ensure the host can communicate with the Falcon cloud. What happens if you disable a host in the Falcon console? The host remains active, but its detections are disabled. The host is moved to the trash and no longer sends data to the Falcon cloud. The sensor is uninstalled automatically from the host. The host's network activity is restricted until re-enabled. Which report would you consult to ensure that no hosts are running unsupported sensor versions? Host Compatibility Report Sensor Health Report Version Compliance Report Sensor Version Audit. Which step is necessary to ensure a Falcon sensor can be deployed successfully in a high-security environment with strict firewall rules? Pre-configure the firewall to allow outbound communication to specific CrowdStrike cloud addresses. Temporarily disable the firewall during sensor deployment. Use a dedicated deployment server within the secure network. Install the sensor in reduced functionality mode and upgrade later. How can you manage hosts that require specific sensor settings different from the rest of the organization? Assign a unique role to the users of those hosts to manage settings. Create a separate host group with its own sensor update policy tailored to those hosts. Apply a global policy to the organization but manually adjust settings on individual hosts. Disable automatic updates for those hosts and manage them manually. How would you handle a situation where a host has multiple Agent IDs (AIDs) in the Falcon console? Remove all the AIDs and re-enroll the host in the Falcon platform. Investigate if the sensor has been reinstalled multiple times and consider cleaning up duplicate entries. Assign the host to a new group to generate a new AID. Merge the multiple AIDs into a single identifier in the console. What is the best practice for managing hosts that frequently enter Reduced Functionality Mode (RFM)? Reinstall the operating system on affected hosts. Isolate the hosts in a dedicated group and apply specific troubleshooting policies. Implement kernel compatibility checks before applying updates. Increase the frequency of sensor updates to prevent compatibility issues. What is the effect of applying a sensor update policy to a host group containing both active and inactive hosts? Only active hosts will receive the update immediately, while inactive hosts will update once they reconnect. The update will fail for the entire group if any host is inactive. Inactive hosts will be automatically removed from the group before the update is applied. The update policy will apply only after all hosts in the group are active. |
Denunciar Test