What must an admin do to reset a user's password?
Correct Answer: B
To reset a user's password, the administrator should go to User Management, select the affected user account, and use the 'Reset Password' option from the three-dot menu. This method is direct and aligns with typical user management interfaces, offering a straightforward and practical approach to password reset.
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?
Correct Answer: C
To disable Real Time Response (RTR) only on specific hosts within a host group, you need to create a new Response Policy, toggle the 'Real Time Response' switch off, and assign this newly created policy to the host group. This method ensures that only the designated hosts in the host group will have RTR disabled, without affecting other configurations or host groups.
When creating new IOCs in IOC management, which of the following fields must be configured?
Correct Answer: D
When creating new IOCs in IOC management, the fields Hash, Platform, and Action must be configured. The Hash uniquely identifies the indicator, the Platform specifies the operating systems the IOC applies to, and the Action determines the response when the IOC is detected.
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fulfill this requirement?
Correct Answer: B
To view files and file contents locally on compromised hosts without the ability to extract them, the 'Real Time Responder – Read Only Analyst' role is the most appropriate. This role grants permissions to run specific commands such as viewing file contents without permitting file extraction, which aligns with the requirement of being able to view files without the ability to take them off the host.
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?
Correct Answer: D
To reduce false positives on a specific file path for development work, such as the 'devcode' folder mentioned, adjusting the Machine Learning Exclusions is the appropriate setting. This allows you to exclude specific files or directories from being flagged by machine learning algorithms, thus minimizing false positives during development testing.