Question 6 of 248

What must an admin do to reset a user's password?

Answer

Suggested Answer

The suggested answer is B.

To reset a user's password, the administrator should go to User Management, select the affected user account, and use the 'Reset Password' option from the three-dot menu. This method is direct and aligns with typical user management interfaces, offering a straightforward and practical approach to password reset.

Community Votes6 votes
BSuggested
100%
Question 7 of 248

Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?

Answer

Suggested Answer

The suggested answer is C.

To disable Real Time Response (RTR) only on specific hosts within a host group, you need to create a new Response Policy, toggle the 'Real Time Response' switch off, and assign this newly created policy to the host group. This method ensures that only the designated hosts in the host group will have RTR disabled, without affecting other configurations or host groups.

Community Votes5 votes
CSuggested
100%
Question 8 of 248

When creating new IOCs in IOC management, which of the following fields must be configured?

Answer

Suggested Answer

The suggested answer is D.

When creating new IOCs in IOC management, the fields Hash, Platform, and Action must be configured. The Hash uniquely identifies the indicator, the Platform specifies the operating systems the IOC applies to, and the Action determines the response when the IOC is detected.

Community Votes5 votes
DSuggested
100%
Question 9 of 248

Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the MOST appropriate role that can be added to fullfil this requirement?

Answer

Suggested Answer

The suggested answer is B.

To view files and file contents locally on compromised hosts without the ability to extract them, the 'Real Time Responder – Read Only Analyst' role is the most appropriate. This role grants permissions to run specific commands such as viewing file contents without permitting file extraction, which aligns with the requirement of being able to view files without the ability to take them off the host.

Community Votes10 votes
BSuggested
90%
C
10%
Question 10 of 248

One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?

Answer

Suggested Answer

The suggested answer is D.

To reduce false positives on a specific file path for development work, such as the 'devcode' folder mentioned, adjusting the Machine Learning Exclusions is the appropriate setting. This allows you to exclude specific files or directories from being flagged by machine learning algorithms, thus minimizing false positives during development testing.

Community Votes7 votes
DSuggested
100%