ExamTopics Logo
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFA All Questions

View all questions & answers for the CCFA exam
Go to Exam

Exam CCFA topic 1 question 189 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 189
Topic #: 1
[All CCFA Questions]

During a Windows system investigation via Real Time Response (RTR), an RTR Active Responder is unable to execute a custom powershell script for finding specific system artifacts.

What is likely restricting the responder from executing the powershell script?

  • A. Script-Based Execution Monitoring is not enabled in the prevention policy
  • B. Custom Scripts is not enabled in the response policy
  • C. The responder requires the RTR Administrator role
  • D. Put-and-Run is not enabled in the response policy
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by aN0omY at June 4, 2025, 1:50 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CiscoNoahexamtopic
1 week, 4 days ago
Selected Answer: B
Custom Scripts Allows those with RTR Active Responder and RTR Administrator roles to run custom scripts
upvoted 1 times
...
aN0omY
1 week, 6 days ago
Selected Answer: C
Should be C - Because the admin is only one who can create custom scripts whereas the other one can only run some custom scripts.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel