Question 1

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?

Options :

A : 500

B : 750

C : 1000

D : 1200

Answer: C

Question 2

You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?

Options :

A : User logons after the detection

B : Executions of schtasks.exe after the detection

C : Scheduled tasks registered prior to the detection

D : Pivot to a Hash search for taskeng.exe

Answer: C

Question 3

What do IOA exclusions help you achieve?

Options :

A : Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy

B : Reduce false positives of behavioral detections from IOA based detections only

C : Reduce false positives of behavioral detections from IOA based detections based on a file hash

D : Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

Answer: B

Question 4

Where can you find hosts that are in Reduced Functionality Mode?

Options :

A : Event Search

B : Executive Summary dashboard

C : Host Search

D : Installation Tokens

Answer: C

Question 5

You can jump to a Process Timeline from many views, like a Hash Search, by clicking which of the following?

Options :

A : ProcessTimeline Link

B : PID

C : UTC time

D : Process ID or Parent Process ID

Answer: B