Cuestiones
ayuda
option
Mi Daypo

TEST BORRADO, QUIZÁS LE INTERESEfa_test_2

COMENTARIOS ESTADÍSTICAS RÉCORDS
REALIZAR TEST
Título del test:
fa_test_2

Descripción:
fa test part 2

Autor:
juananpc
(Otros tests del mismo autor)

Fecha de Creación:
17/04/2023

Categoría:
Informática

Número preguntas: 53
Comparte el test:
Facebook
Twitter
Whatsapp
Comparte el test:
Facebook
Twitter
Whatsapp
Últimos Comentarios
No hay ningún comentario sobre este test.
Temario:
Why is it important to know your company's event data retention limits in the Falcon platform? This is not necessary; you simply select "All Time" in your query to search all data You will not be able to search event data into the past beyond your retention period Data such as process records are kept for a shorter time than event data Your query will require you to specify the data pool associated with the date you wish to search.
You need to export a list of all deletions for a specific Host Name in the last 24 hours. What is the best way to do this? Go to Host Management in the Host page. Select the host and use the Export Detections button Utilize the Detection Resolution Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detection Resolution History" section In the Investigate module, access the Detection Activity page. Use the filters to focus on the appropriate hostname and time, then export the results Utilize the Detection Activity Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detections by Host" section.
What must an admin do to reset a user's password? From User Management, open the account details for the affected user and select "Generate New Password" From User Management, select "Reset Password" from the three dot menu for the affected user account From User Management, select "Update Account" and manually create a new password for the affected user account From User Management, the administrator must rebuild the account as the certificate for user specific private/public key generation is no longer valid.
Why would you assign hosts to a static group instead of a dynamic group? You do not want the group membership to change automatically You are managing more than 1000 hosts You need hosts to be automatically assigned to a group You want the group to contain hosts from multiple operating systems.
In order to exercise manual control over the sensor upgrade process, as well as prevent unauthorized users from uninstalling or upgrading the sensor, which settings in the Sensor Update Policy would meet this criteria? Sensor version set to N-1 and Bulk maintenance mode is turned on Sensor version fixed and Uninstall and maintenance protection turned on Sensor version updates off and Uninstall and maintenance protection turned off Sensor version set to N-2 and Bulk maintenance mode is turned on.
When creating an API client, which of the following must be saved immediately since it cannot be viewed again after the client is created? Base URL Secret Client ID Client name.
You want to create a detection-only policy. How do you set this up in your policy's settings? Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender. Select the "Detect-Only" template. Disable hash blocking and exclusions. You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect. Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.
Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy? Sensor Report Machine Learning Prevention Monitoring Falcon UI Audit Trail Machine Learning Debug.
What is the purpose of a containment policy? To define which Falcon analysts can contain endpoints To define the duration of Network Containment To define the trigger under which a machine is put in Network Containment (e.g. a critical detection) To define allowed IP addresses over which your hosts will communicate when contained.
Which of the following can a Falcon Administrator edit in an existing user's profile? First or Last name Phone number Email address Working groups.
Which of the following best describes the Default Sensor Update policy? The Default Sensor Update policy does not have the "Uninstall and maintenance protection" feature The Default Sensor Update policy is only used for testing sensor updates The Default Sensor Update policy is a "catch-all" policy The Default Sensor Update policy is disabled by default.
How does the Unique Hosts Connecting to Countries Map help an administrator? It highlights countries with known malware It helps visualize global network communication It identifies connections containing threats It displays intrusions from foreign countries.
While a host is Network contained, you need to allow the host to access internal network resources on specific IP addresses to perform patching and remediation. Which configuration would you choose? Configure a Real Time Response policy allowlist with the specific IP addresses Configure a Containment Policy with the specific IP addresses Configure a Containment Policy with the entire internal IP CIDR block Configure the Host firewall to allowlist the specific IP addresses.
Which of the following is NOT a way to determine the sensor version installed on a specific endpoint? Use the Sensor Report to filter to the specific endpoint Use Host Management to select the desired endpoint. The agent version will be listed in the columns and details From a command line, run the sc query csagent -version command Use the Investigate > Host Search to filter to the specific endpoint.
Which of the following is NOT an available filter on the Hosts Management page? Hostname Username Group OS Version.
When configuring a specific prevention policy, the admin can align the policy to two different types of groups, Host Groups and which other? Custom IOA Rule Groups Custom IOC Groups Enterprise Groups Operating System Groups.
How do you assign a policy to a static group of hosts? Create a group containing the desired hosts using "Static Assignment." Go to the Assigned Host Groups tab of the desired policy and dick "Add groups to policy." Select the desired Group(s). Assign a tag to the desired hosts in Host Management. Create a group with an assignment rule based on that tag. Go to the Assignment tab of the desired policy and click "Add Groups to Policy." Select the desired Group(s). Create a group containing the desired hosts using "Dynamic Assignment." Go to the Assigned Host Groups tab of the desired policy and select criteria such as OU, OS, Hostname pattern, etc. On the Assignment tab of the desired policy, select "Static" assignment. From the next window, select the desired hosts (using fitters if needed) and click Add.
What is the goal of a Network Containment Policy? Increase the aggressiveness of the assigned prevention policy Limit the impact of a compromised host on the network Gain more visibility into network activities Partition a network for privacy.
You are evaluating the most appropriate Prevention Policy Machine Learning slider settings for your environment. In your testing phase, you configure the Detection slider as Aggressive. After running the sensor with this configuration for 1 week of testing, which Audit report should you review to determine the best Machine Learning slider settings for your organization? Prevention Policy Audit Trail Prevention Policy Debug Prevention Hashes Ignored Machine-Learning Prevention Monitoring.
You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded. In the Sensor Update policy, which is the best Sensor version option to achieve these requirements? Specific sensor version number Auto - TEST-QA Sensor version updates off Auto - N-1.
Which of the following roles allows a Falcon user to create Real Time Response Custom Scripts? Real Time Responder – Administrator Real Time Responder – Read Only Analyst Real Time Responder – Script Developer Real Time Responder – Active Responder.
The Logon Activities Report includes all of the following information for a particular user EXCEPT ___________. the account type for the user (e.g. Domain Administrator, Local User) all hosts the user logged into the logon type (e.g. interactive, service) the last time the user's password was set.
What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform? For - While statement(s) Trigger, condition(s) and action(s) Event trigger(s) Predefined workflow template(s).
What are custom alerts based on? Custom workflows Custom event based triggers Predefined alert templates User defined Splunk queries.
Which role is required to manage groups and policies in Falcon? Falcon Host Analyst Falcon Host Administrator Prevention Hashes Manager Falcon Host Security Lead.
When would the No Action option be assigned to a hash in IOC Management? When you want to save the indicator for later action, but do not want to block or allow it at this time Add the indicator to your allowlist and do not detect it There is no such option as No Action available in the Falcon console Add the indicator to your blocklist and show it as a detection.
To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective? Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block Using IOC management, import the list of hashes and IP addresses and set the action to No Action.
When the Notify End Users policy setting is turned on, which of the following is TRUE? End users will not be notified as we would not want to notify a malicious actor of a detection. This setting does not exist End users will be immediately notified via a pop-up that their machine is in-network isolation End-users receive a pop-up notification when a prevention action occurs End users will receive a pop-up allowing them to confirm or refuse a pending quarantine.
You notice there are multiple Windows hosts in Reduced functionality mode (RFM). What is the most likely culprit causing these hosts to be in RFM? A Sensor Update Policy was misconfigured A host was offline for more than 24 hours A patch was pushed overnight to all Windows systems A host was placed in network containment from a detection.
You are beginning the rollout of the Falcon Sensor for the first time side-by-side with your existing security solution. You need to configure the Machine Learning levels of the Prevention Policy so it does not interfere with existing solutions during the testing phase. What settings do you choose? Detection slider: Extra Aggressive Prevention slider: Cautious Detection slider: Moderate Prevention slider: Disabled Detection slider: Cautious Prevention slider: Cautious Detection slider: Disabled Prevention slider: Disabled .
The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon? Policy alignment is configured in the "Host Management" section in the Hosts application Policy alignment is configured only once during the initial creation of the policy in the "Create New Policy" pop-up window Policy alignment is configured in the General Settings section under the Configuration menu Policy alignment is configured in each policy in the "Assigned Host Groups" tab.
Which of the following is TRUE regarding Falcon Next-Gen AntiVirus (NGAV)? Falcon NGAV relies on signature-based detections Activating Falcon NGAV will also enable all detection and prevention settings in the entire policy The Detection sliders cannot be set to a value less aggressive than the Prevention sliders Falcon NGAV is not a replacement for Windows Defender or other antivirus programs.
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this? The API client secret can be viewed from the Edit API client pop-up box Enable the Client Secret column to reveal the API client secret Re-create the API client using the exact name to see the API client secret The API client secret cannot be retrieved after it has been created.
What is the name for the unique host identifier in Falcon assigned to each sensor during sensor installation? Endpoint ID (EID) Agent ID (AID) Security ID (SID) Computer ID (CID).
On which page of the Falcon console would you create sensor groups? User management Sensor update policies Host management Host groups.
What is the function of a single asterisk (*) in an ML exclusion pattern? The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path The single asterisk is the insertion point for the variable list that follows the path The single asterisk is only used to start an expression, and it represents the drive letter.
In order to establish an RTR session, the host must be online and in a group that has RTR enabled. What else is necessary? The host user must give permission The host user must initiate the RTR session Nothing else The analyst must have an assigned RTR role.
What is true about sensor install files? Once a sensor is installed once, it never needs to be updated again. The same sensor executable is used in all environments. A new installer executable is made available for each new version. New install files are made available every Tuesday.
A host with a Falcon sensor installed is called a(n) ___________. Endpoint Managed host Falcon host Protected host.
Which of the following resembles a CID? 23.229.209.5 132592823447682795 6C-6A-77-A3-F5-F7 2474ad68b98e441c9daaf20a1d8f5d84.
A sensor has not contacted the Falcon cloud for 45 days. What, if any, action takes place at that time? The sensor is deleted from the hosts list The sensor is upgraded to the most recent version All events from the sensor say Inactive in the ComputerName field The sensor uninstalls itself.
Which Real-Time Response (RTR) role is automatically assigned to the Falcon Administrator? Read Only Analyst Active Responder No RTR roles are automatically assigned to the Falcon Administrator Administrator.
Which of the following is NOT a method to configure sensor grouping tags on a Windows host? Using the ACTIONS options when managing host in the console Using the GROUPING_TAGS parameter during installation Editing the registry after sensor installation Editing the registry via an RTR session.
What type of group automatically assigns hosts to the group when their hostname begins with ENG? Dynamic Hosts cannot be automatically assigned to groups Static This type of assignment is not allowed.
What happens when a sensor build is chosen in a custom sensor update policy? All assigned hosts will be upgraded or downgraded to the build selected All assigned hosts with a lower build will be upgraded to the build selected All assigned hosts with a higher build will be downgraded to the build selected All hosts will be upgraded or downgraded to the build selected.
Which exclusion pattern will prevent detections on all files only from the C:\Users\Developer\Code\ folder and all its subfolders on a Windows host? Users\Developer\Code\** \Users\Developer\Code\** \Users\Developer\* \Users\Developer\Code\*.
What syntax is used to configure Machine Learning exclusions? Splunk patterns Glob patterns Scala patterns Regex patterns.
Which report will help you find sensors in RFM? Sensor Coverage lookup Sensor Health Inactive Sensors Sensor Visibility Exclusions Audit.
What does an analyst use a Custom Alert for? Detect changes in "Customs" such as how analysts pivot during detections Edit the wording in detections To receive an alert in an email Configure a new, unique alert for your environment.
When creating a new USB Device Policy, what MODE options are available? Prevent and enforce; Prevent only Disable and enforce; Disable only Monitor and enforce; Monitor only Detect and enforce; Detect only.
What command should be run to verify if a Linux sensor is running? ps -ef | grep falcon netstat -f regedit myfile.reg sc query csagent.
Which of the following is NOT a condition for successful Network Containment? You must establish an Real Time Response session first The host machine must receive network traffic to/from the Falcon Cloud Any host with a sensor installed Users with the Falcon Security Lead or Falcon Administrator role.
When installing the sensor, what should you ensure for it to complete the provisioning process? The host can communicate with the Falcon Cloud regardless of the OS platform The same sensor installer package is used on all OS platforms Sensors should be installed on all hosts at the same time The host is rebooted immediately after the provisioning phase is complete.
Denunciar test Consentimiento Condiciones de uso