On which page of the Falcon console would you create sensor groups?
A. User management
B. Sensor update policies
C. Host management
D. Host groups
The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?
A. SSL inspection should be configured to occur on all Falcon traffic
B. Some network configurations, such as deep packet inspection, interfere with certificate validation
C. HTTPS interception should be enabled to proceed with certificate validation
D. Common sources of interference with certificate pinning include protocol race conditions and resource contention
You are beginning the rollout of the Falcon Sensor for the first time side-by-side with your existing security solution. You need to configure the Machine Learning levels of the Prevention Policy so it does not interfere with existing solutions during the testing phase.
What settings do you choose?
A. Detection slider: Extra Aggressive; Prevention slider: Cautious
B. Detection slider: Moderate; Prevention slider: Disabled
C. Detection slider: Cautious; Prevention slider: Cautious
D. Detection slider: Disabled; Prevention slider: Disabled
An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?
A. File exclusions are not aligned to groups or hosts
B. There is a limit of three groups of hosts applied to any exclusion
C. There is no limit and exclusions can be applied to any or all groups
D. Each exclusion can be aligned to only one group of hosts
When creating a Host Group for all Workstations in an environment, what is the best method to ensure all workstation hosts are added to the group?
A. Create a Dynamic Group with Type=Workstation Assignment
B. Create a Dynamic Group and Import All Workstations
C. Create a Static Group and Import all Workstations
D. Create a Static Group with Type=Workstation Assignment
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?
A. USB Device Policy
B. Firewall Rule Group
C. Containment Policy
D. Machine Learning Exclusions
What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform?
A. For - While statement(s)
B. Trigger, condition(s) and action(s)
C. Event trigger(s)
D. Predefined workflow template(s)
How do you assign a policy to a specific group of hosts?
A. Create a group containing the desired hosts using "Static Assignment." Go to the Assigned Host Groups tab of the desired policy and click "Add groups to policy." Select the desired Group(s).
B. Assign a tag to the desired hosts in Host Management. Create a group with an assignment rule based on that tag. Go to the Assignment tab of the desired policy and click "Add Groups to Policy." Select the desired Group(s).
C. Create a group containing the desired hosts using "Dynamic Assignment." Go to the Assigned Host Groups tab of the desired policy and select criteria such as OU, OS, Hostname pattern, etc.
D. On the Assignment tab of the desired policy, select "Static" assignment. From the next window, select the desired hosts (using filters if needed) and click Add.
You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. Which of the following parameters can be used to override the 20-minute default provisioning window?
A. ExtendedWindow=1
B. Timeout=0
C. ProvNoWait=1
D. Timeout=30
Which of the following is a valid step when troubleshooting sensor installation failure?
A. Confirm all required services are running on the system
B. Enable the Windows firewall
C. Disable SSL and TLS on the host
D. Delete any available application crash log files