On which page of the Falcon console can one locate the Customer ID (CID)?
When creating new IOCs in IOC management, which of the following fields must be configured?
Where can you find your company's Customer ID (CID)?
Which of the following Machine Learning (ML) sliders will only detect or prevent high confidence malicious items?
Which is the correct order for manually installing a Falcon Package on a macOS system?
You want to create a detection-only policy. How do you set this up in your policy's settings?
How many "Auto" sensor version update options are available for Windows Sensor Update Policies?
Where do you obtain the Windows sensor installer for CrowdStrike Falcon?
What best describes what happens to detections in the console after clicking "Disable Detections" for a host from within the Host Management page?
Where can you modify settings to permit certain traffic during a containment period?
Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?
What is the name for the unique host identifier in Falcon assigned to each sensor during sensor installation?
An analyst has reported they have not been receiving workflow-triggered notifications for the past few days. Where should you first check for potential failures?
Which of the following can a Falcon Administrator edit in an existing user's profile?
With Custom Alerts, it is possible to __________.
What is the purpose of a containment policy?
Which option best describes the general process for installation of the Falcon Sensor on macOS?
Under the "Next-Gen Antivirus: Cloud Machine Learning" setting there are two categories, one of them is "Cloud Anti-Malware" and the other is:
What must an admin do to reset a user's password?
Which of the following is NOT a way to determine the sensor version installed on a specific endpoint?
How do you find a list of inactive sensors?
Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?
What should be disabled on firewalls so that the sensor's man-in-the-middle attack protection works properly?
What would be the most appropriate action to take if you wanted to prevent a folder from being uploaded to the cloud without disabling uploads globally?
Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?
Which of the following scenarios best describes when you would add IP addresses to the containment policy?
What can exclusions be applied to?
How does the Unique Hosts Connecting to Countries Map help an administrator?
After agent installation, an agent opens a permanent ___ connection over port 443 and keeps that connection open until the endpoint is turned off or the network connection is terminated.
When the Notify End Users policy setting is turned on, which of the following is TRUE?
Under which scenario can Sensor Tags be assigned?
What is the maximum number of patterns that can be added when creating a new exclusion?
Which role will allow someone to manage quarantine files?
What is the function of a single asterisk (*) in an ML exclusion pattern?
In order to exercise manual control over the sensor upgrade process, as well as prevent unauthorized users from uninstalling or upgrading the sensor, which settings in the Sensor Update Policy would meet these criteria?
What may prevent a user from logging into Falcon via single sign-on (SSO)?
Why would you assign hosts to a static group instead of a dynamic group?
Which of the following tools developed by CrowdStrike is intended to help with removal of the CrowdStrike Windows Falcon Sensor?
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?
You have a new patch server that should be reachable while hosts in your environment are network contained. The server's IP address is static and does not change. Which of the following is the best approach to updating the Containment Policy to allow this?
While a host is Network contained, you need to allow the host to access internal network resources on specific IP addresses to perform patching and remediation. Which configuration would you choose?
Which of the following applies to Custom Blocking Prevention Policy settings?