Question 1

A list of managed and unmanaged neighbors for an endpoint can be found:

Options :

A : by using Hosts page in the Investigate tool

B : by reviewing "Groups" in Host Management under the Hosts page

C : under "Audit" by running Sensor Visibility Exclusions Audit

D : only by searching event data using Event Search

Answer: A

Question 2

Where can you find hosts that are in Reduced Functionality Mode?

Options :

A : Event Search

B : Executive Summary dashboard

C : Host Search

D : Installation Tokens

Answer: C

Question 3

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

Options :

A : ParentProcessId_decimal and aid

B : ResponsibleProcessId_decimal and aid

C : ContextProcessId_decimal and aid

D : TargetProcessId_decimal and aid

Answer: B

Question 4

What action is used when you want to save a prevention hash for later use?

Options :

A : Always Block

B : Never Block

C : Always Allow

D : No Action

Answer: A

Question 5

From the Detections page, how can you view 'in-progress' detections assigned to Falcon Analyst Alex?

Options :

A : Filter on 'Analyst: Alex'

B : Alex does not have the correct role permissions as a Falcon Analyst to be assigned detections

C : Filter on 'Hostname: Alex' and 'Status: In-Progress'

D : Filter on 'Status: In-Progress' and 'Assigned-to: Alex

Answer: D