[Feb 17, 2023] Latest Questions CCFA-200 Guide to Prepare Free Practice Tests [Q14-Q38]


Reliable CCFA-200 Dumps Questions Available as Web-Based Practice Test Engine

NO.14 Which is a filter within the Host setup and management > Host management page?

 
 
 
 

NO.15 Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fulfill this requirement?

 
 
 
 

NO.16 You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message. What is the best way to update the workflow?

 
 
 
 

NO.17 Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?

 
 
 
 

NO.18 What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?

 
 
 
 

NO.19 You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded. In the Sensor Update policy, which is the best Sensor version option to achieve these requirements?

 
 
 
 

NO.20 What is the name for the unique host identifier in Falcon assigned to each sensor during sensor installation?

 
 
 
 

NO.21 When creating a Host Group for all Workstations in an environment, what is the best method to ensure all workstation hosts are added to the group?

 
 
 
 

NO.22 Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?

 
 
 
 

NO.23 What is the maximum number of patterns that can be added when creating a new exclusion?

 
 
 
 

NO.24 You notice there are multiple Windows hosts in Reduced functionality mode (RFM). What is the most likely culprit causing these hosts to be in RFM?

 
 
 
 

NO.25 Which of the following is NOT a way to determine the sensor version installed on a specific endpoint?

 
 
 
 

NO.26 You need to export a list of all deletions for a specific Host Name in the last 24 hours. What is the best way to do this?

 
 
 
 

NO.27 Where do you obtain the Windows sensor installer for CrowdStrike Falcon?

 
 
 
 

NO.28 What is the purpose of a containment policy?

 
 
 
 

NO.29 In order to quarantine files on the host, what prevention policy settings must be enabled?

 
 
 
 

NO.30 Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?

 
 
 
 

NO.31 To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

 
 
 
 

NO.32 You want to create a detection-only policy. How do you set this up in your policy’s settings?

 
 
 
 

NO.33 The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?

 
 
 
 

NO.34 When creating new IOCs in IOC management, which of the following fields must be configured?

 
 
 
 

NO.35 How does the Unique Hosts Connecting to Countries Map help an administrator?

 
 
 
 

NO.36 Which of the following is TRUE regarding Falcon Next-Gen AntiVirus (NGAV)?

 
 
 
 

NO.37 Which role will allow someone to manage quarantine files?

 
 
 
 

NO.38 What must an admin do to reset a user’s password?

 
 
 
 

CrowdStrike CCFA-200 Exam Syllabus Topics:

Topic Details
Topic 1
  • Explain the differences between the visibility and hunting reports
  • Explain what information is in the Falcon UI Audit Trail Report
Topic 2
  • Explain what Machine Learning is “on sensor” vs. “the cloud”
  • Explain the impact of reduced functionality mode (RFM) and why it might be caused
Topic 3
  • Configure custom alerts to notify individuals about policies, detections and incidents
  • Recall how long inactive sensors are retained to define your data backup plan
Topic 4
  • Perform root cause analysis related to system/user issues
  • Apply additional/advanced options for images/VDIs, tokens and tags
Topic 5
  • Allowlist network traffic so it can connect to contained hosts
  • Explain the information shown in the remote logon activity report
Topic 6
  • Create a new user, delete a user and edit a user, etc
  • Describe the capabilities and limitations of each RTR role
Topic 7
  • Determine which reports to use when reporting on information relating to a host
  • Apply appropriate settings to successfully install a Falcon sensor on Windows, Linux and macOS
Topic 8
  • Resolve policy settings, permissions and threshold issues
  • Apply basic sensor install requirements and installation processes
Topic 9
  • Explain what precedence does regarding prevention policies
  • Determine roles required for access to features and functionality in the Falcon console

 

Correct and Up-to-date CrowdStrike CCFA-200 BrainDumps: https://www.troytecdumps.com/CCFA-200-troytec-exam-dumps.html
