CCFA-200b Exam Question 66

You are the Falcon Administrator for your organization, and you want to ensure you have accountability for the actions your Falcon users take.
What is the retention period of the audit logs within Falcon?
  • CCFA-200b Exam Question 67

    You can create Fusion SOAR workflows to precisely define the actions you want Falcon to perform in response to incidents.
    Which three items must be defined in every trigger so that it executes successfully?
  • CCFA-200b Exam Question 68

    You need to be aware of which policies are the most used as new hosts are being added to your CID.
    Where could you easily find a review of the top ten sensor update, prevention, and device control policies?
  • CCFA-200b Exam Question 69

    On which page of the Falcon console can one locate the Customer ID (CID)?
  • CCFA-200b Exam Question 70

    Your organization has determined that your cybersecurity architect needs to be notified via email whenever Falcon generates detections of a medium severity or higher. Additionally, the architect should be notified about any incidents with a CrowdScore of 1.0 or higher.
    What can the Falcon Administrator do to ensure the architect is properly alerted?