CrowdStrike Certified Falcon Administrator Questions and Answers
Question 33
Under which scenario can Sensor Tags be assigned?
Options:
A. While triaging a detection
B. While managing hosts in the Falcon console
C. While updating a sensor in the Falcon console
D. While installing a sensor
Answer:
D
Explanation:
Per the documentation, there are two kinds of tags: Falcon Grouping Tags, which can be managed in the Falcon console or via the API, and Sensor Grouping Tags, which are configured as a parameter in the CLI. Sensor Grouping Tags can be differentiated because they appear with the prefix SensorGroupingTags followed by the name of the tag. To modify a sensor tag, it is necessary to change a registry key value and then either reboot the device or wait until the sensor is upgraded.
Question 34
What is the maximum number of patterns that can be added when creating a new exclusion?
Options:
A. 10
B. 0
C. 1
D. 5
Answer:
C
Explanation:
The maximum number of patterns that can be added when creating a new exclusion is one. Each exclusion can only have one pattern, which can be a file path, a hash, a command line or a user name. The other options are either incorrect or not related to creating exclusions. Reference: CrowdStrike Falcon User Guide, page 37.
Question 35
Which role will allow someone to manage quarantine files?
Options:
A. Falcon Security Lead
B. Detections Exceptions Manager
C. Falcon Analyst – Read Only
D. Endpoint Manager
Answer:
A
Explanation:
The role that will allow someone to manage quarantine files is Falcon Security Lead. This role allows users to view and manage quarantined files, as well as release them from quarantine or download them for further analysis. The other roles do not have this capability. Reference: CrowdStrike Falcon User Guide, page 19.
Question 36
Options:
A. Enable Behavior-Based Threat Prevention sliders and Advanced Remediation Actions
B. Enable Malware Protection and Windows Anti-Malware Execution Blocking
C. Enable Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration"
D. Enable Malware Protection and Custom Execution Blocking
Answer:
C
Explanation:
The option that will enable Next-Gen Antivirus Prevention sliders and “Quarantine & Security Center Registration” is to enable Malware Protection and Windows Anti-Malware Execution Blocking. Malware Protection is a feature that enables the Next-Gen Antivirus Prevention sliders, which allow you to adjust the level of sensitivity and aggressiveness of the Falcon sensor’s machine learning engine, which uses artificial intelligence to identify and stop unknown threats. Windows Anti-Malware Execution Blocking is a feature that enables the “Quarantine & Security Center Registration” setting, which allows you to quarantine malicious files and register them in the Windows Security Center.