ExamTopics Logo
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFA All Questions

View all questions & answers for the CCFA exam
Go to Exam

Exam CCFA topic 1 question 218 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 218
Topic #: 1
[All CCFA Questions]

After successfully installing Falcon on a new employee's laptop, you notice that the machine is assigned the default prevention policy instead of the custom prevention policy you created. You verify that the Falcon sensor is functioning properly, and you confirm that the custom policy is enabled and successfully running on more than 1,000 other Falcon hosts.

What is the likely cause of this issue?

  • A. Falcon requires a 24- hour waiting period to apply custom policies to newly installed hosts
  • B. The laptop is not a member of a host group assigned to the custom policy
  • C. A host-based firewall rule is preventing the custom policy from applying successfully
  • D. A prompt to apply the new prevention policy was manually declined
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by CiscoNoahexamtopic at June 5, 2025, 6:12 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CiscoNoahexamtopic
1 week, 5 days ago
Selected Answer: B
The most common reason a new host falls back to the default policy is that it isn’t matched by any host group tied to your custom policy. In other words, since the laptop isn’t in a group that the custom policy is assigned to, it inherits the default policy instead .
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel