ExamTopics Logo
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFA All Questions

View all questions & answers for the CCFA exam
Go to Exam

Exam CCFA topic 1 question 138 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 138
Topic #: 1
[All CCFA Questions]

Which statement is TRUE regarding disabling detections on a host?

  • A. Hosts with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed
  • B. Hosts with detections disabled will not alert on anything until detections are enabled again
  • C. Hosts with detections disabled will not alert on blocklisted hashes or machine learning detections, but will still alert on IOA-based detections. It will remain that way until detections are enabled again
  • D. Hosts cannot have their detections disabled individually
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Itspecialistj at Jan. 2, 2025, 12:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Itspecialistj
4 months ago
Selected Answer: B
Verified via Falcon console.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago