What is true about User Accounts created by the Falcon Administrator?
Correct Answer: D
CCFA-200b Exam Question 92
Which of the follow should be used with extreme caution because it may introduce additional security risks such as malware or other attacks which would not be recorded, detected, or prevented based on the exclusion syntax?
Correct Answer: D
The option that should be used with extreme caution because it may introduce additional security risks such as malware or other attacks which would not be recorded, detected, or prevented based on the exclusion syntax is IOA Exclusions. An IOA (indicator of attack) exclusion allows you to define custom rules for excluding suspicious behavior from detection or prevention based on process execution, file write, network connection, or registry events. However, using IOA exclusions may reduce the visibility and protection of the Falcon sensor, as it may allow malicious activity to bypass the sensor's detection and prevention capabilities. Therefore, you should use IOA exclusions with extreme caution and only when necessary.
CCFA-200b Exam Question 93
Why would you use the Prevention Policy Debug Report?
Correct Answer: B
CCFA-200b Exam Question 94
What type of information is found in the Linux Sensors Dashboard?
Correct Answer: A
The type of information that is found in the Linux Sensors Dashboard is Hosts by Kernel Version, Shells spawned by Root, Wget/Curl Usage. The Linux Sensors Dashboard is a dashboard that provides an overview of the Linux hosts in your environment that have Falcon sensors installed. You can use this dashboard to monitor the health and activity of your Linux hosts, such as their kernel versions, root shell usage, network communication, detections, and preventions.
CCFA-200b Exam Question 95
Where in the Falcon platform can you confirm the sensor build version installed on a particular host?