Which option allows you to exclude behavioral detections from the detections page?
A. Machine Learning Exclusion
B. IOA Exclusion
C. IOC Exclusion
D. Sensor Visibility Exclusion
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?
A. Contact support and request that they modify the Machine Learning settings to no longer include this detection
B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"
C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"
What is the primary purpose of using glob syntax in an exclusion?
A. To specify a Domain be excluded from detections
B. To specify exclusion patterns to easily exclude files and folders and extensions from detections
C. To specify exclusion patterns to easily add files and folders and extensions to be prevented
D. To specify a network share be excluded from detections
Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?
A. Next-Gen Antivirus (NGAV) protection
B. Adware and Potentially Unwanted Program detection and prevention
C. Real-time offline protection
D. Identification and analysis of unknown executables
What can the Quarantine Manager role do?
A. Manage and change prevention settings
B. Manage quarantined files to release and download
C. Manage detection settings
D. Manage roles and users
With Custom Alerts, it is possible to __________.
A. schedule the alert to run at any interval
B. receive an alert in an email
C. configure prevention actions for alerting
D. be alerted to activity in real-time
What is the purpose of a containment policy?
A. To define which Falcon analysts can contain endpoints
B. To define the duration of Network Containment
C. To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)
D. To define allowed IP addresses over which your hosts will communicate when contained
When the Notify End Users policy setting is turned on, which of the following is TRUE?
A. End users will not be notified as we would not want to notify a malicious actor of a detection. This setting does not exist
B. End users will be immediately notified via a pop-up that their machine is in-network isolation
C. End-users receive a pop-up notification when a prevention action occurs
D. End users will receive a pop-up allowing them to confirm or refuse a pending quarantine
You are beginning the rollout of the Falcon Sensor for the first time side-by-side with your existing security solution. You need to configure the Machine Learning levels of the Prevention Policy so it does not interfere with existing solutions
during the testing phase.
What settings do you choose?
A. Detection slider: Extra Aggressive Prevention slider: Cautious
B. Detection slider: Moderate Prevention slider: Disabled
C. Detection slider: Cautious Prevention slider: Cautious
D. Detection slider: Disabled Prevention slider: Disabled
What is the function of a single asterisk (*) in an ML exclusion pattern?
A. The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path
B. The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path
C. The single asterisk is the insertion point for the variable list that follows the path
D. The single asterisk is only used to start an expression, and it represents the drive letter