Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?
What would be the most appropriate action to take if you wanted to prevent a folder from being uploaded to the cloud without disabling uploads globally?
How can a Falcon Administrator configure a pop-up message to be displayed on a host when the Falcon sensor blocks, kills or quarantines an activity?
Which of the following uses Regex to create a detection or take a preventative action?
When creating a Host Group for all Workstations in an environment, what is the best method to ensure all workstation hosts are added to the group?
If a user wanted to install an older version of the Falcon sensor, how would they find the older installer file?
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?
Which statement describes what is recommended for the Default Sensor Update policy?
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?
You have a new patch server that should be reachable while hosts in your environment are network contained. The server's IP address is static and does not change. Which of the following is the best approach to updating the Containment Policy to allow this?
You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded. In the Sensor Update policy, which is the best Sensor version option to achieve these requirements?
When creating a custom IOA for a specific domain, which syntax would be best for detecting or preventing on all subdomains as well?
How many days will an inactive host remain visible within the Host Management or Trash pages?
The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon?
Which Real Time Response role will allow you to see all analyst session details?
What is likely the reason your Windows host would be in Reduced Functionality Mode (RFM)?
Which of the following is NOT a way to determine the sensor version installed on a specific endpoint?
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?
You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. Which of the following parameters can be used to override the 20-minute default provisioning window?
How can you find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days?
Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?
Why do Sensor Update policies need to be configured for each OS (Windows, Mac, Linux)?
You have a Windows host on your network in Reduced functionality mode (RFM). While the system is in RFM, which of the following is TRUE?
Which of the following tools developed by Crowdstrike is intended to help with removal of the CrowdStrike Windows Falcon Sensor?