Which of the following is NOT an available filter on the Hosts Management page?
A. Hostname
B. Username
C. Group
D. OS Version
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?
A. Contact support and request that they modify the Machine Learning settings to no longer include this detection
B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"
C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"
What command should be run to verify if a Windows sensor is running?
A. regedit myfile.reg
B. sc query csagent
C. netstat -f
D. ps -ef | grep falcon
What best describes the relationship between Sensor Update policies and Operating Systems?
A. Windows and Mac share Sensor Update policies. Linux requires its own set of policies based on the different kernel versions
B. Sensor Update policies are not Operating System specific. One policy can be applied to all Operating Systems
C. Windows has its own Sensor Update policies. But Mac and Linux share Sensor Update policies
D. A Sensor Update policy must be configured for each Operating System (Windows, Mac, Linux)
On the Host management page, which filter could be used to quickly identify all devices categorized as a "Workstation" by the Falcon Platform?
A. Status
B. Platform
C. Hostname
D. Type
Which of the following uses Regex to create a detection or take a preventative action?
A. Custom IOC
B. Machine Learning Exclusion
C. Custom IOA
D. Sensor Visibility Exclusion
You have a Windows host on your network in Reduced functionality mode (RFM). While the system is in RFM, which of the following is TRUE?
A. System monitoring will be unavailable
B. Event reporting will be unavailable
C. Prevention patterns will not be triggered
D. Some detection patterns and preventions will not be triggered
On a Windows host, what is the best command to determine if the sensor is currently running?
A. sc query csagent
B. netstat -a
C. This cannot be accomplished with a command
D. ping falcon.crowdstrike.com