CrowdStrike Certified Falcon Responder Questions and Answers
Question 17
What is the difference between Managed and Unmanaged Neighbors in the Falcon console?
Options:
A. A managed neighbor is currently network contained and an unmanaged neighbor is uncontained
B. A managed neighbor has an installed and provisioned sensor
C. An unmanaged neighbor is in a segmented area of the network
D. A managed sensor has an active prevention policy
Answer:
B
Explanation:
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, you can use the Hosts page in the Investigate tool to view information about your endpoints, such as hostname, IP address, OS, sensor version, etc. You can also see a list of managed and unmanaged neighbors for each endpoint, which are other devices that have communicated with that endpoint over the network. A managed neighbor is a device that has an installed and provisioned sensor that reports to the CrowdStrike Cloud. An unmanaged neighbor is a device that does not have an installed or provisioned sensor.
Question 18
Which of the following is NOT a filter available on the Detections page?
Options:
A. Severity
B. CrowdScore
C. Time
D. Triggering File
Answer:
D
Explanation:
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the Detections page allows you to view and manage detections generated by the CrowdStrike Falcon platform. You can use various filters to narrow down the detections based on criteria such as severity, CrowdScore, time, tactic, technique, etc. However, there is no filter for triggering file, which is the file that caused the detection.