Examice

Exam CCFA All QuestionsBrowse all questions from this exam

Question 7

Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?

Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"

Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"

Correct Answer: C

To disable Real Time Response (RTR) only on specific hosts within a host group, you need to create a new Response Policy, toggle the 'Real Time Response' switch off, and assign this newly created policy to the host group. This method ensures that only the designated hosts in the host group will have RTR disabled, without affecting other configurations or host groups.

Discussion

sbag0024Option: C

C is correct

FerbOPOption: C

C is correct

Reddington0214Option: C

C is a possibe answer, however when you created a new RTR Rules, the default setting is disabled and you will just add the host group For D that is also possible> However, the option is to add host name rather than host group.