Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFA-200 Topic 2 Question 50 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam
Question #: 50
Topic #: 2
[All CCFA-200 Questions]

The Falcon Administrator has created a new prevention policy to apply to the "Servers" group; however, when applying the new prevention policy this group is not appearing in the list of available groups. What is the most likely issue?

Show Suggested Answer Hide Answer
Suggested Answer: D

The option that is true when a Windows host is in Reduced Functionality Mode (RFM) is that some detection patterns and preventions will not be triggered. RFM is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure. When a Windows sensor is in RFM, it will only provide basic prevention capabilities, such as blocking known malware hashes and preventing script execution from the %TEMP% directory. The sensor will not send any telemetry or detection events to the Falcon platform, and will not receive any policy or update changes from the Falcon cloud. This means that some detection patterns and preventions that rely on telemetry, machine learning, or cloud analysis will not be triggered.


by Samira at Jan 13, 2025, 09:26 PM

Limited Time Offer

25%

Off

Get Premium CCFA-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Marla
3 months ago
I bet the Falcon admin is sitting back, laughing at us trying to figure out this 'tricky' question. Probably just forgot to turn the policy on.
upvoted 0 times
...
Lynsey
3 months ago
C? Disabling the group first? That's like trying to fix a flat tire by cutting the whole wheel off. Not the brightest idea.
upvoted 0 times
Gene
2 months ago
D) Host type was not defined correctly within the prevention policy
upvoted 0 times
...
Hershel
2 months ago
B) The 'Servers' group already has a policy applied to it
upvoted 0 times
...
Veronica
2 months ago
A) The new prevention policy should be enabled first
upvoted 0 times
...
...
Helene
3 months ago
A seems too easy. The Falcon admin should know to enable the policy first. Maybe they're trying to trick us with that one.
upvoted 0 times
Kimberlie
2 months ago
Let's double-check the prevention policy settings to see if the host type was defined correctly.
upvoted 0 times
...
Corazon
3 months ago
I agree, D seems like a possibility. Maybe the admin missed that step.
upvoted 0 times
...
Miriam
3 months ago
I think it might be D. The host type might not be defined correctly.
upvoted 0 times
...
...
Elena
4 months ago
D sounds like the most likely issue to me. If the host type wasn't defined correctly, the policy won't know which group to apply to.
upvoted 0 times
Zachary
3 months ago
Maybe the Falcon Administrator should double check the host type in the prevention policy.
upvoted 0 times
...
Eloisa
3 months ago
I agree, D does seem like the most likely issue. If the host type isn't defined correctly, the policy won't work.
upvoted 0 times
...
...
Laurel
4 months ago
I think it's probably B. The group already has a policy applied to it, so we can't apply a new one. Gotta remove the old one first.
upvoted 0 times
...
Leonora
4 months ago
I'm not sure, but maybe the 'Servers' group already has a policy applied to it.
upvoted 0 times
...
Barbra
4 months ago
I agree with Lamonica, enabling the new prevention policy first makes sense.
upvoted 0 times
...
Lamonica
4 months ago
I think the most likely issue is that the new prevention policy should be enabled first.
upvoted 0 times
...

Save Cancel