Sensor Visibility Exclusion patterns are written in which syntax?
Sensor Visibility Exclusion patterns are written in Glob Syntax. This type of syntax is used for matching file names and directory structures in a flexible way, allowing for the use of wildcards to account for variations across multiple hosts and environments. Features that support globs include prevention policy exclusions, file integrity monitoring rules, and firewall wildcard rules.
Answer A. Glob Syntax. Globs in the Falcon console: Glob wildcards offer flexibility when file names and directory structures vary across multiple hosts. For example, wildcards can match partial file names or match file names regardless of what directory they’re in. Features that support globs: Prevention policy exclusions. For more info, see Understanding prevention policy exclusions. Falcon FileVantage file integrity monitoring rules and scheduled exclusions. For more info, see Falcon FileVantage. Falcon Firewall wildcard IFN rules. For more info, see Manage your firewall rules and rule groups. Falcon USB Device Control serial numbers used to create prevention policy exceptions. For more info, see USB Device Control. Reference: In 2024, the Advanced event search will use the CrowdStrike Query Language (CQL).
Correct is A. Correction: IOA = Regex, Sensor Visibility = Glob Syntax
Checked on UI
View Link - Check out this tip: https://www.examtopics.com/discussions/crowdstrike/view/96918-exam-ccfa-topic-1-question-51-discussion/
You gave a couple of different answers: you commented A and C, then now you just post a link, but not directly related. So what is the correct answer? That question is: Custom IOA rules are defined using which syntax? Don't waste your time, dude.
The correct answer for Sensor Visibility Exclusion patterns in CrowdStrike is: C. RegEx (Regular Expressions) https://www.crowdstrike.com/blog/tech-center/custom-ioas/
It's A
checked in docs
You’re on a mission!! Lmfaooo