CCFA-200b Exam Question 66
You are the Falcon Administrator for your organization, and you want to ensure you have accountability for the actions your Falcon users take.
What is the retention period of the audit logs within Falcon?
What is the retention period of the audit logs within Falcon?
CCFA-200b Exam Question 67
You can create Fusion SOAR workflows to precisely define the actions you want Falcon to perform in response to incidents.
Which three items must be defined in every trigger so that it executes successfully?
Which three items must be defined in every trigger so that it executes successfully?
CCFA-200b Exam Question 68
You need to be aware of which policies are the most used as new hosts are being added to your CID.
Where could you easily find a review of the top ten sensor update, prevention, and device control policies?
Where could you easily find a review of the top ten sensor update, prevention, and device control policies?
CCFA-200b Exam Question 69
On which page of the Falcon console can one locate the Customer ID (CID)?
CCFA-200b Exam Question 70
Your organization has determined that your cybersecurity architect needs to be notified via email whenever Falcon generates detections of a medium severity or higher. Additionally, the architect should be notified about any incidents with a CrowdScore of 1.0 or higher.
What can the Falcon Administrator do to ensure the architect is properly alerted?
What can the Falcon Administrator do to ensure the architect is properly alerted?
