Your security team is noticing that certain privacy-sensitive information, such as the URL, HTTP headers and POST bodies, is missing from HTTP-related detections. What is the likely cause of this?
What happens to policy assignment when a host does not match any custom host group criteria?
You will be testing detections with pentest and security tooling on your host. How can a workflow be created to automatically assign any detection related to your pentest to yourself in real time?
You want to add an additional layer of security to high-risk Real Time Response commands for your environment. Where do you configure MFA for RTR within the UI?
Your development team is working on a new enterprise application, but Falcon starts creating alerts during testing. The alert points to “C:\Users\Bob\DevCode\felix.dll”. In the detection, you see that it is triggering only on a specific Falcon IOA. What would be the best course of action for this situation?
Which report in Falcon can be used to determine the volume of blocked activity at a different prevention policy setting?
You are attempting to install the Falcon sensor on a host with a slow internet connection, and the installation fails after 20 minutes. What parameter can be used to override the 20-minute default provisioning window?
You have 100 hashes that have been prohibited by management and need to be blocked within your organization. Using Falcon, what is the best way to accomplish this?
After attempting to uninstall the Falcon sensor from a Windows endpoint, the process appears stuck. What troubleshooting step should be taken?
Which report would show you an overview of the top ten most-applied policies by sensors in your environment?
When an API client is created, what two pieces of information must be generated as a pair to successfully identify and validate your API integrations?
How can you search for multiple hostnames at the same time via Host Management?
What best describes the relationship between Sensor Update policies and Operating Systems?
Your leadership wants controls in place for immediate action on any OverWatch detections. What should you do to ensure the host is contained quickly and notifies the appropriate staff?
There are a significant number of false positive detections from your developers that are getting blocked and quarantined by Falcon. What Indicator of Compromise (IOC) action would be the best option?
After enabling an IOA rule and its respective rule group, what else must be done for an IOA to be fully functional?
When creating your own Fusion SOAR workflow based on an Event trigger, which additional option will refine the trigger?
Where can you find a list of hosts that have not communicated with the CrowdStrike Cloud?
Your development team is working on a new enterprise application, but Falcon starts creating alerts during testing. The alert points to C:\Users\Bob\DevCode\felix.dll. In the detection, you see that it is triggering only on a specific Falcon IOA. What action should be taken to resolve this issue?