Exam CCFA topic 1 question 2 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 2
Topic #: 1

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

  • A. Contact support and request that they modify the Machine Learning settings to no longer include this detection
  • B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"
  • C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
  • D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"
Suggested Answer: B

Comments

SuperDuperReverb
2 months, 1 week ago
@DarkieCopy Allow is present in IOC, I just looked. Allow means it will not log the detection, "No Action" means it will still collect data on occurrences.
upvoted 1 times
...
DarkieCopy
5 months, 1 week ago
Selected Answer: D
Got to disagree with everyone: I think D is the correct answer. IOC management only allows "Detect only" and "No Action" among the possible actions, checked in console. Same happens in question #12. "Detect only" and "No Action" are the only possibilities in IOC management.
upvoted 1 times
FerbOP
3 months, 1 week ago
Check for Hash; for IP and Domain you have only "Detect only" and "No Action"
upvoted 1 times
...
...
sbag0024
10 months, 2 weeks ago
Selected Answer: B
B is correct
upvoted 2 times
...
FerbOP
1 year ago
B - Allow, do not detect
upvoted 1 times
...
Reddington0214
1 year, 2 months ago
Selected Answer: B
I think B is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other