CCFA PPACTICE EXAM QUESTIONS WITH
COMPLETE SOLUTIONS!!
Aside from an event search, where in Falcon do you find
failed logon attempts? ✔✔Exposure Management >
Failed Logons
How long are inactive sensors retained for in the Host
Management Page and visible in the inactive sensors
page? ✔✔45 Days
What happens when you undo a release from
quarantine? ✔✔The Falcon sensor treats the file as
malicious again. The next time the file attempts to
execute, the sensor blocks and quarantines it again.
What is IOC Management used for? ✔✔To allowlist
executables as a compensating control for false
positives or to reduce noise.
,Where can you locate a list of MacOS hosts that are in
Reduced Functionality Mode? ✔✔RFM doesn't apply
to MacOS hosts.
What is the max number of grouping tags that can be
added per host? ✔✔50
How many hosts can you assign to a static host group at
a time? ✔✔1000
Around what model are Fusion Workflows built?
✔✔Trigger, Condition, Action
What causes a Falcon sensor to go into Reduced
Functionality Mode? ✔✔When the agent is not
compatible with the current version of the kernel
running on the operating system.
What is the Prevention Policy Debug report used for?
✔✔To debug issues with prevention policies not being
set
, How do you change your own password in the Falcon
console if you're not using Single Sign-on? ✔✔After
logging in, go to the User Profile settings and click the
Change Password link. Then supply your current and
new passwords.
What kind of information may be found in the Falcon UI
Audit trail? ✔✔Details about user and API activity in
the Falcon console
What are the available methods for uninstalling a Falcon
sensor on a Windows OS? ✔✔Use the Windows
Control Panel
What is a required field when creating users? ✔✔User
Email
Quarantined file records are found where?
✔✔Endpoint security > Monitor > Quarantined Files
COMPLETE SOLUTIONS!!
Aside from an event search, where in Falcon do you find
failed logon attempts? ✔✔Exposure Management >
Failed Logons
How long are inactive sensors retained for in the Host
Management Page and visible in the inactive sensors
page? ✔✔45 Days
What happens when you undo a release from
quarantine? ✔✔The Falcon sensor treats the file as
malicious again. The next time the file attempts to
execute, the sensor blocks and quarantines it again.
What is IOC Management used for? ✔✔To allowlist
executables as a compensating control for false
positives or to reduce noise.
,Where can you locate a list of MacOS hosts that are in
Reduced Functionality Mode? ✔✔RFM doesn't apply
to MacOS hosts.
What is the max number of grouping tags that can be
added per host? ✔✔50
How many hosts can you assign to a static host group at
a time? ✔✔1000
Around what model are Fusion Workflows built?
✔✔Trigger, Condition, Action
What causes a Falcon sensor to go into Reduced
Functionality Mode? ✔✔When the agent is not
compatible with the current version of the kernel
running on the operating system.
What is the Prevention Policy Debug report used for?
✔✔To debug issues with prevention policies not being
set
, How do you change your own password in the Falcon
console if you're not using Single Sign-on? ✔✔After
logging in, go to the User Profile settings and click the
Change Password link. Then supply your current and
new passwords.
What kind of information may be found in the Falcon UI
Audit trail? ✔✔Details about user and API activity in
the Falcon console
What are the available methods for uninstalling a Falcon
sensor on a Windows OS? ✔✔Use the Windows
Control Panel
What is a required field when creating users? ✔✔User
Quarantined file records are found where?
✔✔Endpoint security > Monitor > Quarantined Files
