Test title:
CCFA - Practice Test 1

Description:
CCFA practice test 1

Author:
David

Creation date: 05/12/2024

Category: Computing

Number of questions: 30
Contents:
What is the name of the uninstall tool provided by CrowdStrike to uninstall the Windows Falcon sensor?
- You uninstall sensors from Host Management
- Uninstall.exe
- CsUninstallTool.exe
- FalconWinUninstall.exe

What is OS Feature Manager?
- Another term to refer to hosts on reduced functionality mode
- Monitors changes in the Windows kernel so the sensor can adapt appropriately
- A program to gather troubleshooting logs to send to support
- It's another term for channel files

What is the max number of Falcon/sensor grouping tags that can be added per
- 1000
- Unlimited
- 100
- 50

You can only downgrade to a sensor version released in the last __ days.
- 180
- 60
- 90
- 120

CrowdStrike recommends not letting sensors age more than __ days after their release
- 180
- 30
- 60
- 90

To apply a Custom IOA to machines, you need to assign them to a?
- Sensor Update Policy
- Host group
- The hosts in host management
- Prevention Policy

Where in the console can you find a list of macOS hosts in Reduced Functionality Mode (RFM)?
- Host Management > Use RFM filter
- Investigate > Visibility Reports > RFM
- Endpoint Security > Monitor > RFM
- RFM only happens for Windows and Linux machines

What permissions will someone with the Real Time Responder - Read Only Analyst Role have when connecting to a host?
- Can run a core set of read-only commands to do reconnaissance along with the get command to retrieve files
- Can run all commands and run custom scripts.
- Can run all commands, create custom scripts, and upload files to hosts.
- Can run a core set of read-only response commands to perform reconnaissance.

While in a Real Time Response (RTR) session, what is the command and maximum file size that can be retrieved?
- file, 8GB
- get, 4GB
- lsof, 8GB
- find, 4GB

Your agents need to be able to communicate to this cloud network.
- *.crowdstrike.us-2.com
- *.cloudsink.net
- *.crowdstrike.net
- *.cloudstrike.net

What is the command line flag needed when installing the Falcon sensor for Windows on a virtual machine template?
- VDI=1
- PACURL=VM
- NO_START=1
- ProvNoWait=1

Where can you see if your sensor visibility exclusions are working?
- Investigate > Exclusions > Sensor visibility Exclusions
- Audit Logs > Audit Logs > Sensor visibility Exclusions
- Endpoint Security > Sensor visibility Exclusions
- Audit Logs > Audit Logs > Exclusions

Which of the following statements are false regarding Sensor Visibility Exclusions?
- Processes that match file exclusion criteria will no longer generate the majority of events that would be seen otherwise, including process-related events
- Process tree and file name are captured. (CrowdStrike University)
- SHA256 digest is captured (Udemy)
- The sensor will continue to send EndOfProcess events on Windows and macOS.

What are the 3 components of a condition in a Falcon workflow?
- Parameter, Operator, and Value (Udemy)
- Trigger, Condition, Action. (CrowdStrike University)
- Parameter, condition, and value
- Trigger, Condition, and Notification

How can you uninstall the Falcon sensor on a Windows machine?
- Using device manager
- Select host from Host Management > actions > uninstall
- Uninstall it from control panel > programs and features
- Use the FalconWinUninstall.exe tool from Tool Downloads

What is a common reason for hosts to enter into Reduced Functionality Mode?
- After Linux kernel updates
- When the host can't connect to the console after 45 days.
- When hosts are not assigned a host group
- After Falcon updates

What is the reason to see a host with multiple Agent ID (AID) values?
- The endpoint entered Reduced Functionality Mode and exited that state
- The Falcon sensor was installed more than once on the same machine
- The machine became active again after being inactive for 30 days

What is the command needed to install the Falcon sensor on a RHEL, CentOS, or Amazon Linux machine?
- sudo zypper install <installer_filename>
- sudo dpkg -i <installer_filename>
- sudo yum install <installer_filename>

What hosts can be contained by CrowdStrike?
- Windows, macOS, and Linux
- Windows and macOS only
- Windows and Linux only
- Windows only

What happens to an active host when it is accidentally deleted/hidden from the Host Management dashboard?
- There is no trash page. The host gets deleted immediately.
- It is moved to the Host Management -> Trash page, and continues to send events and enforce policies
- The host cannot be recovered and another sensor installation is required
- The host gets deleted after 30 days, and the host is unprotected.

What are the modes the Falcon sensor for Linux can operate in?
- Kernel and RFM mode
- Kernel Mode, User Mode, and Reduced Functionality Mode (RFM)
- Kernel mode only
- Kernel, User, RFM, and watch modes

What is the maximum number of policies, including the default policy, you can have?
- 100
- 200
- No limit
- 300

After installing the CrowdStrike sensor, the agent opens a permanent TLS connection over port __?
- 80
- 22
- 443
- 434

What indicator, in IOC management, can you set to be BLOCKED?
- Domain, IP Address
- Domain
- IP Address
- Hash

What is the max number of Falcon/sensor grouping tags that can be added per CID?
- 10000
- 30000
- 1000
- Unlimited

For how long are files retrieved from a Real Time Response session stored in the CrowdStrike cloud?
- 30 days
- They are not stored
- 90 days
- 7 days

How often are installation tokens checked?
- Only once when the sensor is installed
- Daily to ensure token validation
- Every time the sensor connects to the CS cloud
- Every minute to ensure token still valid

Where do you find a list of inactive sensors?
- A sensor is always active until it is removed from the console.
- Investigate > Asset Status > Inactive Sensors
- Host setup and management > Manage Endpoints > Inactive Sensors
- Endpoint Security > Monitor > Inactive Sensors

What is the maximum amount of tokens you can have?
- 50
- No limit
- 30
- 10

Which of the following filter fields are not available in the Host Management dashboard?
- Hostname
- Type
- OS Build
- Username