Test title: CCFA Practice Test 2

Description: CCFA Practice Test 2

Author: David

Created: 05/12/2024

Category: Computing

Number of questions: 30

Questions:
1. What command line flag can you use at deployment to assign a tag to a host?
   - HOST_TAG
   - GROUPING_TAGS
   - FALCON_TAGS
   - TAGS
2. Where can you find Linux hosts that are in Reduced Functionality Mode (RFM)?
   - Investigate > RFM Linux
   - Host Setup and Management > Manage Endpoints > Sensor Health
   - Activity Dashboard
   - Dashboards and Reports > Reports > Sensor Report
3. How can you have a prevention policy that only detects but does not prevent anything?
   - You must set the three detection sliders to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.
   - You cannot have a sensor in detection-only mode.
   - Put the policy in monitor mode and you will see would-be-blocked detections on the Detections page for the files that would have been blocked if watch mode was enabled.
   - On the prevention policy, set the Cloud and Sensor Machine Learning detection and prevention sliders to the desired level and put the policy in monitor mode instead of enforced mode.
4. On-demand scans are only available to run on ____ devices.
   - Any operating system
   - Windows and Linux
   - Windows and macOS
   - Windows
5. How many hosts can you add to a static group at once?
   - Unlimited
   - 500
   - 50
   - 1000
6. What happens when you release a quarantined file?
   - The file is allowed to execute on that host. Releasing a file does not affect other hosts.
   - It goes back to its original folder, but it gets quarantined again when it tries to run. You need to allowlist it first.
   - Its hash is added to IOC management as allowed to run in your environment.
   - The file is allowed to run on all hosts in your environment.
7. A file was quarantined and you released it. After doing more investigation you decide to undo the release of that file. What happens to that file?
   - The file is deleted.
   - The file gets quarantined immediately.
   - The file hash gets added to the blocklist in IOC management.
   - The file is treated as malicious again. The next time the file attempts to execute, the sensor blocks and quarantines it again. The sensor does not quarantine the file immediately.
8. What is the primary purpose of using host groups with sensor update policies in CrowdStrike?
   - To allow the controlled assignment of sensor versions to specific hosts
   - To throttle the sensor update rate
   - To control network bandwidth
   - To control the order in which sensors are upgraded
9. Where can you find a report/dashboard with a summary of the agent versions of your hosts?
   - Investigate > Hunt > Agent Health Dashboard
   - Host Setup and Management > Manage Endpoints > Sensor Health
   - Dashboards and Reports > Reports > Sensor Report
   - Host Setup and Management > Agent Health
10. Which of the following installation flags is important when installing a Windows sensor on hosts using IE proxy detection?
   - NO_START=1
   - APP_PROXYNAME=1
   - ProvNoWait=1
   - VDI=1
11. Why would you run the command "sc.exe query csagent" on a Windows machine?
   - To restart the sensor if it goes inactive
   - To verify that the sensor is running
   - To see the Falcon sensor version
   - To uninstall the CrowdStrike sensor
12. What is the minimum user role needed to use the "get" command in an RTR session?
   - RTR Active Responder
   - Falcon Security Lead
   - Falcon Administrator
   - RTR Read Only Analyst
13. While installing the Falcon sensor, if the host can't contact the CrowdStrike cloud, it will retry the connection for __ minutes. After that, the host will automatically uninstall its sensor.
   - 20
   - 30
   - 40
   - 40
14. For how long does CrowdStrike keep detection data in the cloud?
   - 90 days
   - 60 days
   - 120 days
   - 30 days
15. Where can you see the allowed email domains in the CrowdStrike console?
   - Audit Logs > Allowed Domains
   - Support and Resources > Support > Email Settings
   - Support and Resources > General Settings
16. On Windows Server 2016, Server 2019, and Server 2022, Windows Defender is enabled by default. To use quarantine on these operating systems, you must disable Defender. What is the command to disable Defender?
   - Set-MpPreference -DisableMonitoring $false
   - Set-MpPreference -DisableDefender $true
   - Set-MpPreference -DisableMonitoring $true
   - Set-MpPreference -DisableRealtimeMonitoring $true
17. Up to how many hosts can you delete/hide at once?
   - 300
   - Unlimited
   - 100
   - 200
18. What dashboard shows you unsupported sensor versions running in your environment?
   - Host Setup and Management > Manage Endpoints > Host Management
   - Host Setup and Management > Manage Endpoints > Host Dashboard
   - Host Setup and Management > Manage Endpoints > Sensor Health
   - Dashboards and Reports > Reports > Sensor Report
19. Where can you find quarantined files?
   - Endpoint security > Monitor > Quarantined files
   - Host Setup and Management > Manage Endpoints > Quarantined files
   - Audit Logs > Audit Logs > Quarantined files
   - Investigate > Search > Quarantined files
20. When running an on-demand scan, what type of files are scanned and quarantined?
   - Portable Executable (PE) files such as .exe and .dll files
   - .zip, .pst, .exe, and .dll files
   - There are no on-demand scans. The sensor never stops scanning.
   - Any file format
21. Which user role can run the "put" command to transfer files to a host in a Real Time Response session?
   - RTR Read Only Analyst
   - RTR Administrator
   - Falcon Administrator
   - RTR Active Responder
22. What do Falcon sensors need to download to be considered "fully provisioned"?
   - Sensor Policy
   - Channel Files
   - Prevention Policy
   - First heartbeat to the cloud
23. What is the Prevention Policy Debug report used for?
   - Helps administrators troubleshoot a prevention policy/setting not being applied on a host
   - Lets you see details when you get an error while creating a prevention policy
   - Shows you the hosts that are in a specific prevention policy
   - Helps administrators see hosts without a prevention policy
24. What kind of information may be found in the Falcon UI Audit Trail Dashboard?
   - Details about user and API activity in the Falcon console
   - Executables that could have been blocked if prevention policy sliders were set more aggressively
   - Prevention policies not applied to hosts
   - Failed API requests
25. What prevention policy settings must be in place for your endpoints to quarantine files?
   - Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled
   - Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled
   - Malware Protection and Custom Execution Blocking must be enabled
   - Malware Protection and Windows Anti-Malware Execution Blocking must be enabled
26. Which dashboard can give you a count of sensors with a duplicate AID?
   - Executive Summary
   - Dashboards and Reports > All Dashboards > Managed Assets
   - Dashboards and Reports > All Dashboards > Assets Overview
   - Dashboards and Reports > All Dashboards > Sensor Report
27. Where do you find the number of files that would have been blocked based upon the level of the Machine Learning Prevention settings (Cautious, Moderate, or Aggressive)?
   - Prevention Policy Confidence Dashboard
   - Investigate > Event Search > Audit > Machine-Learning Prevention Monitoring
   - Audit logs > Audit logs > Machine-learning prevention monitoring
   - Prevention Policy Debug
28. When deploying the CS sensor on a Mac, what are some host authorizations required for the sensor to work properly?
   - CrowdStrike kernel extension and BIOS visibility through an MDM profile
   - System extension, Network filter extension, and CrowdStrike full disk access
   - The Mac sensor does not need any special host authorizations. Download the .pkg and paste the CCID.
   - The Mac sensor can only be deployed with an MDM and a profile. You cannot manually install the Mac sensor. The profile allows full disk access to CrowdStrike on the host.
29. When adding multiple tags to a host during deployment, what do you have to use to separate the tags in the command line flag?
   - COMMA (,)
   - PARENTHESES ( )
   - DOT (.)
   - SPACE
30. What are the three types of exclusions you can have in CrowdStrike?
   - Machine Learning, Signature Confidence, Sensor exclusions
   - Machine Learning, Indicator of Compromise, Sensor exclusions
   - Artificial Intelligence, Indicator of Attack, Sensor Visibility exclusions
   - Machine Learning, Indicator of Attack, Sensor Visibility
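The Windows deployment steps that several of the questions above touch on (tagging a host at install time with GROUPING_TAGS and a comma-separated tag list, verifying the csagent service with sc.exe query csagent, and disabling Defender real-time monitoring on Windows Server so quarantine works) fit together in one script. The following is an added example written for this page, not the quiz author's material or CrowdStrike's own tooling. It assumes the installer is saved as .\WindowsSensor.exe in the current directory, a placeholder CID value, and an elevated PowerShell session; the tag names "Finance" and "Pilot" are made up for illustration.

```powershell
# Added example (not from the quiz): deploy the Falcon Windows sensor with two
# grouping tags, confirm the service is running, then make sure Defender
# real-time monitoring is off so Falcon quarantine can take over.
# Assumptions: installer at .\WindowsSensor.exe, placeholder CID below,
# run from an elevated prompt. Tag names are illustrative only.

param(
    [string]   $Installer = ".\WindowsSensor.exe",
    # Placeholder CID (customer ID with checksum); replace with your own.
    [string]   $Cid       = "0123456789ABCDEF0123456789ABCDEF-01",
    [string[]] $Tags      = @("Finance", "Pilot")
)

# Multiple tags go in one GROUPING_TAGS flag, separated by commas (question 29).
$tagArg = 'GROUPING_TAGS="' + ($Tags -join ",") + '"'

# Silent install. NO_START=1 / ProvNoWait=1 / VDI=1 are deliberately not used,
# so the sensor starts and provisions right away on this (non-image) host.
$installArgs = @("/install", "/quiet", "/norestart", "CID=$Cid", $tagArg)
$proc = Start-Process -FilePath $Installer -ArgumentList $installArgs -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "Sensor install failed with exit code $($proc.ExitCode)"
}

# Same check as 'sc.exe query csagent' (question 11): the service must be RUNNING.
sc.exe query csagent
$svc = Get-Service -Name csagent -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    throw "csagent is $($svc.Status); expected Running"
}

# Windows Server 2016/2019/2022 ship with Defender enabled (question 16).
# Only change the setting if it is not already disabled, so the script is
# safe to re-run. Note: Tamper Protection or a Defender GPO can revert this.
$mp = Get-MpPreference
if (-not $mp.DisableRealtimeMonitoring) {
    Set-MpPreference -DisableRealtimeMonitoring $true
    Write-Host "Defender real-time monitoring disabled."
} else {
    Write-Host "Defender real-time monitoring was already disabled."
}
```

Run it as `.\Deploy-FalconSensor.ps1 -Cid <your CID> -Tags "Finance","Pilot"`; the tags then appear as FalconGroupingTags on the host in Host Management and can drive host group membership, which is what ties them to the sensor update and prevention policy questions above.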