Exam CCFA topic 1 question 214 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 214
Topic #: 1

As a Falcon Administrator, you would like to tune your Prevention Policies and compare the number of detections that would have resulted in the last 30 days depending on which detection level was used (Cautious, Moderate, Aggressive or Extra Aggressive).

Which audit logs would best help you evaluate the appropriate setting to use?

  • A. Machine-learning prevention monitoring
  • B. Prevention policy
  • C. Policy efficacy monitoring
  • D. Prevention policy debug
Suggested Answer: A

Comments

aN0omY
1 week, 4 days ago
Selected Answer: A
C doesn't exist. B and D do, but if you navigate to them, D is all about prevention settings on host, and B is where you can filter prevention policies based on policy name, ID, time, or user (has nothing to do with actual range of detection).
upvoted 1 times
CiscoNoahexamtopic
1 week, 4 days ago
Selected Answer: A
You should use the Machine‐Learning Prevention Monitoring audit logs, which show ML detections and preventions by severity, policy, and host group—allowing you to see how many detections each detection level (Cautious, Moderate, Aggressive, Extra Aggressive) would have generated over the past 30 days.
upvoted 1 times
67bdb19
3 weeks, 6 days ago
Selected Answer: A
The correct answer is: C. Uninstall and Maintenance Protection
Explanation: In most endpoint protection platforms (such as CrowdStrike Falcon), the "Uninstall and Maintenance Protection" setting within the Sensor Update Policy is what prevents unauthorized users from uninstalling the sensor. When this setting is enabled, it typically requires a token or elevated permissions to uninstall or tamper with the sensor, thereby protecting it from unauthorized removal.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other