Question 1

You can jump to a Process Timeline from many views, like a Hash Search, by clicking which of the following?

Options :

A : ProcessTimeline Link

B : PID

C : UTC time

D : Process ID or Parent Process ID

Answer: B

Question 2

What do IOA exclusions help you achieve?

Options :

A : Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy

B : Reduce false positives of behavioral detections from IOA based detections only

C : Reduce false positives of behavioral detections from IOA based detections based on a file hash

D : Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

Answer: B

Question 3

Where can you find hosts that are in Reduced Functionality Mode?

Options :

A : Event Search

B : Executive Summary dashboard

C : Host Search

D : Installation Tokens

Answer: C

Question 4

From a detection, what is the fastest way to see children and sibling process information?

Options :

A :

Select the Event Search option. Then from the Event Actions, select Show Associated Event Data (From TargetProcessId_decimal)

B : Select Full Detection Details from the detection

C : Right-click the process and select "Follow Process Chain"

D : Select the Process Timeline feature, enter the AID, Target Process ID, and Parent Process ID

Answer: C

Question 5

A list of managed and unmanaged neighbors for an endpoint can be found:

Options :

A : by using Hosts page in the Investigate tool

B : by reviewing "Groups" in Host Management under the Hosts page

C : under "Audit" by running Sensor Visibility Exclusions Audit

D : only by searching event data using Event Search

Answer: A