CCFA Exam - Question 71


Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?

Correct Answer: C

Real-time offline protection is a feature found only with sensor-based machine learning. While other features can also be achieved through various methods, real-time offline protection specifically relies on the local sensor's capability to work without an active internet connection, which is unique to sensor-based ML systems.

Discussion

18 comments
VJJijo
Feb 3, 2023

C should be correct

Roy_So Option: C
Feb 6, 2023

Correct should be C after revisiting the doc. Provides machine learning-based on-sensor AV protection for malicious files, including offline protection.

bbqsauceomg Option: C
Mar 5, 2023

Only sensor-based includes offline. Sensor Anti-malware: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. About levels

FerbOP Option: C
Apr 26, 2023

C is correct

andreiushu Option: D
Feb 16, 2023

For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware

Prr0
Mar 8, 2023

C is correct; check Falcon console > Next-Gen Antivirus: under Sensor Machine Learning, only Sensor Anti-malware appears.

LaCubanita Option: D
May 3, 2023

It should be D; the only option within the Sensor Machine Learning section is Sensor Anti-malware (Detection & Prevention) and it reads: "For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware." That's basically what option D is.

sbag0024 Option: C
Jun 9, 2023

Going with C. The policy says "For offline and online hosts".

sbag0024 Option: C
Jun 14, 2023

C is correct as it is for offline

Brian9296 Option: D
Oct 9, 2023

It's mentioned in the console, "For offline and online hosts.....". So the answer shouldn't be "C".

Sensor Anti-malware: For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware. About levels

Roy_So Option: A
Feb 2, 2023

A is the correct answer

testmailuc Option: D
Mar 3, 2023

I would go with D. After checking the documentation I found this: "or unknown and zero-day threats, Falcon applies IOA detection, using machine learning techniques to build predictive models that can detect never-before-seen malicious activities with high accuracy." ChatGPT also confirms it, and some online resources.

Dave071
Apr 4, 2023

Answer is D. "For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware."

TommyJ111 Option: D
Jun 29, 2023

D is correct. Says right in the setting: "...use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware."

DarkieCopy Option: D
Jul 24, 2023

According to documentation (documentation/detections/technique/sensor-based-ml-cst0007): CrowdStrike sensor-based machine learning (ML) identifies and analyzes unknown executables as they run on hosts. This technique is triggered by files and file attributes associated with known malware. This is similar to the [Cloud-based ML](/support/documentation/detections/technique/cloud-based-ml) technique. Cloud-based ML is informed by global analysis of executables that classifies and identifies malware. The key difference is that it doesn't run on hosts when they're offline. Therefore it is D. Sensor-based ML does not run on hosts when they are offline, discarding C.

sadevek
Jul 5, 2024

In the prevention policy it's clearly mentioned that "FOR OFFLINE AND ONLINE HOSTS" - "For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.", so the answer should be D.

evilCorpBot7494 Option: D
Dec 3, 2024

The unknown executables and zero days are the whole purpose of applying Machine Learning to threat detection in cybersecurity. Offline protection should still be had by all modules, otherwise CS would be a very bad solution if it only protects from your blacklisted hashes when you have internet. Answer is D.

EA88 Option: C
Mar 19, 2025

Sensor-based Machine Learning (ML) in CrowdStrike Falcon leverages machine learning capabilities directly on the endpoint, allowing the Falcon sensor to provide real-time protection even when the endpoint is offline (i.e., not connected to the internet). This offline protection is a key feature of sensor-based ML, as it enables the detection and blocking of malicious activities locally on the endpoint, without needing constant communication with the cloud.