Question 1

A list of managed and unmanaged neighbors for an endpoint can be found:

Options :

A : by using Hosts page in the Investigate tool

B : by reviewing "Groups" in Host Management under the Hosts page

C : under "Audit" by running Sensor Visibility Exclusions Audit

D : only by searching event data using Event Search

Answer: A

Question 2

What do IOA exclusions help you achieve?

Options :

A : Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy

B : Reduce false positives of behavioral detections from IOA based detections only

C : Reduce false positives of behavioral detections from IOA based detections based on a file hash

D : Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

Answer: B

Question 3

You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?

Options :

A : User logons after the detection

B : Executions of schtasks.exe after the detection

C : Scheduled tasks registered prior to the detection

D : Pivot to a Hash search for taskeng.exe

Answer: C

Question 4

What happens when you open the full detection details?

Options :

A : The process explorer opens and the detection is removed from the console

B : The process explorer opens and you’re able to view the processes and process relationships

C : The process explorer opens and the detection copies to the clipboard

D : The process explorer opens and the Event Search query is run for the detection

Answer: B

Question 5

From the Detections page, how can you view 'in-progress' detections assigned to Falcon Analyst Alex?

Options :

A : Filter on 'Analyst: Alex'

B : Alex does not have the correct role permissions as a Falcon Analyst to be assigned detections

C : Filter on 'Hostname: Alex' and 'Status: In-Progress'

D : Filter on 'Status: In-Progress' and 'Assigned-to: Alex

Answer: D

Smartly Prepare Exam with Free Online CCFR-201b Practice Test