Exam CCFA topic 1 question 222 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 222
Topic #: 1

Detections related to a penetration test on a particular server are currently generating thousands of entries in the console. Your leadership does not need to track the detections in Falcon.

What should you do to allow your team to focus on more relevant detections?

  • A. Delete the detections in the console and contain the server undergoing the test
  • B. Permanently disable detections for the server in Host Management
  • C. Temporarily disable detections for the server in Host Management and re-enable after the test is done
  • D. Create a Fusion Workflow to email the SOC team every time the penetration test generates a detection
Suggested Answer: C

Comments

CiscoNoahexamtopic
1 week, 5 days ago
Selected Answer: C
To suppress the flood of test‐related findings without losing all other detections, temporarily disable detections for that host in Host Management. This immediately removes existing detections for the host from the console and prevents any new ones from appearing until you re‐enable them.
upvoted 1 times