option
Cuestiones
ayuda
daypo
CREAR TEST
buscar.php

TEST BORRADO, QUIZÁS LE INTERESE: CCFA Practice Test 3

COMENTARIOS ESTADÍSTICAS RÉCORDS
REALIZAR TEST
Título del Test:
CCFA Practice Test 3

Descripción:
Test Práctico 3 de CCFA

Autor:
David
OTROS TESTS DEL AUTOR

Fecha de Creación: 05/12/2024

Categoría: Informática

Número Preguntas: 30
COMPARTE EL TEST
ComentarNuevo Comentario
No hay ningún comentario sobre este test.
Temario:
During CS sensor installation, what command line flag/parameter do you need if you use a proxy? PACURL=<Pac file URL> PROXY= PROXY_APP= NO_START=1.
To provide troubleshooting info for sensor issues to support, what tool can be used? FalconWinDiag SCWinDiag CSWinDiag CSWinDiagnostics.
How are Inactive hosts in Host Setup and Management > Inactive Sensors identified? Offline Since Last Seen date and time Last seen Last active.
If a user wanted to install an older version of the Falcon sensor, how would they find the older installer file? By clicking one of the "Older Versions" link in the Sensor Downloads page Support and Resources > Resources Tools > Tool Downloads Host Setup and Management > Deploy > Sensor Downloads Legacy Host Setup and Management > Deploy > Sensor Older Downloads.
What model are workflows built? Trigger, Condition, and Notification Trigger, sequence, and Action Trigger, Condition, and Action Statement, Condition, and Action.
Where can you see if a workflow failed to execute? Fusion Workflows > Execution Audit Fusion Workflows > Execution Log Fusion Workflows > Audit Logs Fusion Workflows > All workflows > Workflows Audit.
How do you change your own password in the Falcon console? Click user icon > Click your name > User Profile Settings > Change password > Click the link found on the email sent from Crowdstrike > Input New Password Click user icon > Click your name > User Profile > Find your user > 3 dots > Reset Password > Input New Password Click user icon > Click your name > In user profile click change password > input your current and new password User Management > Find your account > Click 3 dots > Reset Password > On the pop-up window, input your new password.
Which type of sensor event is sent periodically to the cloud with configuration and sensor health information? Lfodownloadconfirmation SensorHeartbeat Process Rollup Falcon Signal.
What role do you need to create and edit workflows? Falcon Security Lead Workflow Manager Workflow Author Workflow Administrator.
Which feature of the CrowdStrike Falcon platform allows administrators to proactively detect and respond to potential threats by creating custom rules based on specific conditions? Custom Indicator of Compromise Prevention IOC Falcon Watchlists Custom IOAs.
Which of the following is true regarding NGAV? Falcon NGAV is not a replacement for Windows Defender or other antivirus programs Activating Falcon NGAV will also enable all detection and prevention settings in the entire policy The detection slider cannot be set to a setting less aggressive than the prevention slider.
Which feature of CrowdStrike Falcon is used to detect and prevent fileless malware attacks? Machine Learning Artificial Intelligence Indicator of Attack (IOA) Behavioral Engine.
Implementing a new custom IOA to trigger detections on your hosts involves following steps: Create rule group, add the custom IOA rule to the rule group, enable the rule and rule group, Assign the rule group to a sensor update policy Create rule group, add the custom IOA rule to the rule group, enable the rule and rule group, Assign the rule group to a host group Create rule group, add the custom IOA rule to the rule group, Assign the rule group to a prevention policy Create rule group, add the custom IOA rule to the rule group, enable the rule and rule group, Assign the rule group to a prevention policy.
Where do you set up automated detection emails? Click on user icon top right > Click your name > Manage list for detection and incident emails Support and Resources > General Settings > Manage list for detection and incident emails Add your email on the prevention policies Support and Resources > Notifications > Manage list for detection and incident emails.
Where can you see who created or edited a workflow? Audit Logs > Fusion Workflow > Activity Dashboard Fusion Workflows > Audit Logs Fusion Workflows > Execution Log Audit Logs > Fusion Workflows > Audit Logs.
Where can you see if a Mac was properly setup giving Crowdstrike Full Disk Access? Dashboards and Reports > Executive Summary Host Setup and Management > Manage Endpoints > Zero Trust Assessment There is not a way to see if this was set up. Only in the physical machine Host Setup and Management > Host Management.
Falcon Sensor uses certificate pinning to defend against man-in-the-middle attacks. Some network configurations that use _____ can interfere with certificate validation DHCP TCP/IP inspection VPN Deep packet inspection.
How are Machine Learning exclusions applied to hosts? By prevention policy By selecting all hosts or groups of hosts to target By selecting each host individually By selecting host groups but not all hosts.
When viewing the prevention policy attached to the host, what is not a valid value in the prevention policy column? "No Policy" Invalid Policy {Policy Name} & "{Applied Date}" {Policy Name} & "Changes pending".
Which of the following Custom I0A rule types are supported by Windows, macOS, and Linux OS Process creation and file creation Process creation Network connection, Domain Name, File Creation, and Process creation Network connection, File Creation, Process creation.
What is a containment policy used for? It is a blocklist where you can add malicious IP addresses Its where you add your firewall addresses to allow your sensors to connect to the cloud when deploying the CS sensor. To allow IP addresses over which your hosts will be allowed to communicate, even if a host is contained. This is where you can setup conditions to contain a host if it does not meet compliance settings.
What happens when you disable detections for a host? The detections for that host are removed from the console immediately. No new detections display in the console going forward unless detections are enabled. You cannot disable detections on a host unless you set prevention policy sliders in Cautious mode. Past detections are deleted, even when detections are enabled again. You have 24hrs until detections are enabled again.
How are user permissions set in Falcon? Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions An administrator selects individual granular permissions from the Falcon Permissions List during user creation Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions.
How many auto assignment options are there for sensor update policies? 3 2 1 4.
If a host’s sensor is not assigned a host group assignment, what sensor update policy will it receive? No policy is applied. The policy with highest precedence (1) Auto-Latest The default policy.
Sensor Update Policies needs to be setup for each OS (windows, Mac, Linux) because… Sensor Update policies are NOT dependent of the OS. Windows and MacOS share the same sensor update policy. Linux needs its own policy Sensor Update policies are dependent of the OS You just need to create one sensor update policy and gets applied to all Operating Systems.
Where do you disable detections for a host? Host group>Add Host>Check disable detections Host management >Select host> Host detail panel appears > click disable detections Host Management>Select host>Actions Button>Disable sensor Add the host to a prevention policy where the NGAV sliders are set to Cautious.
Including the default policy, what is the total number of prevention policies you can have? 50 Unlimited 100 200.
Which of the following is not an option when selecting a notifcation for Workflow (Falcon Fusion) actions? PagerDuty Notification Microsoft Teams Notification Slack Notification Host pop-up notification.
If your sensor requires more time to connect to the Crowdstrike cloud during installation, what parameter can you use? NO_START=1 ProvTimeWait=360000 Provision=3600000 ProvNoWait=1.
Denunciar Test