Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFA-200 Topic 2 Question 50 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam
Question #: 50
Topic #: 2
[All CCFA-200 Questions]

The Falcon Administrator has created a new prevention policy to apply to the "Servers" group; however, when applying the new prevention policy this group is not appearing in the list of available groups. What is the most likely issue?

Show Suggested Answer Hide Answer
Suggested Answer: D

The option that is true when a Windows host is in Reduced Functionality Mode (RFM) is that some detection patterns and preventions will not be triggered. RFM is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure. When a Windows sensor is in RFM, it will only provide basic prevention capabilities, such as blocking known malware hashes and preventing script execution from the %TEMP% directory. The sensor will not send any telemetry or detection events to the Falcon platform, and will not receive any policy or update changes from the Falcon cloud. This means that some detection patterns and preventions that rely on telemetry, machine learning, or cloud analysis will not be triggered.


by Samira at Jan 13, 2025, 09:26 PM

Limited Time Offer

25%

Off

Get Premium CCFA-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Marla
19 days ago
I bet the Falcon admin is sitting back, laughing at us trying to figure out this 'tricky' question. Probably just forgot to turn the policy on.
upvoted 0 times
...
Lynsey
21 days ago
C? Disabling the group first? That's like trying to fix a flat tire by cutting the whole wheel off. Not the brightest idea.
upvoted 0 times
...
Helene
26 days ago
A seems too easy. The Falcon admin should know to enable the policy first. Maybe they're trying to trick us with that one.
upvoted 0 times
Kimberlie
8 days ago
Let's double-check the prevention policy settings to see if the host type was defined correctly.
upvoted 0 times
...
Corazon
13 days ago
I agree, D seems like a possibility. Maybe the admin missed that step.
upvoted 0 times
...
Miriam
18 days ago
I think it might be D. The host type might not be defined correctly.
upvoted 0 times
...
...
Elena
2 months ago
D sounds like the most likely issue to me. If the host type wasn't defined correctly, the policy won't know which group to apply to.
upvoted 0 times
Zachary
19 days ago
Maybe the Falcon Administrator should double check the host type in the prevention policy.
upvoted 0 times
...
Eloisa
23 days ago
I agree, D does seem like the most likely issue. If the host type isn't defined correctly, the policy won't work.
upvoted 0 times
...
...
Laurel
2 months ago
I think it's probably B. The group already has a policy applied to it, so we can't apply a new one. Gotta remove the old one first.
upvoted 0 times
...
Leonora
2 months ago
I'm not sure, but maybe the 'Servers' group already has a policy applied to it.
upvoted 0 times
...
Barbra
2 months ago
I agree with Lamonica, enabling the new prevention policy first makes sense.
upvoted 0 times
...
Lamonica
2 months ago
I think the most likely issue is that the new prevention policy should be enabled first.
upvoted 0 times
...

Save Cancel