Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike CCFA-200b Exam - Topic 2 Question 2 Discussion

Actual exam question for CrowdStrike's CCFA-200b exam
Question #: 2
Topic #: 2
[All CCFA-200b Questions]

What is likely the reason your Windows host would be in Reduced Functionality Mode (RFM)?

Show Suggested Answer Hide Answer
Suggested Answer: B

The likely reason your Windows host would be in Reduced Functionality Mode (RFM) is that the host lost internet connectivity. RFM is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure. When a Windows sensor is in RFM, it will only provide basic prevention capabilities, such as blocking known malware hashes and preventing script execution from the %TEMP% directory.The sensor will not send any telemetry or detection events to the Falcon platform, and will not receive any policy or update changes from the Falcon cloud1. Losing internet connectivity is a common cause of RFM, as it prevents the sensor from communicating with the Falcon cloud. A misconfiguration in your prevention policy or sensor update policy will not cause RFM, as these policies are applied by the Falcon cloud and do not affect the sensor's license, network, or certificate status.Microsoft updates altering the kernel may cause compatibility issues with the sensor, but not RFM3.


by Kassandra at Jan 25, 2026, 10:16 AM

Limited Time Offer

25%

Off

Get Premium CCFA-200b Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Anastacia
4 days ago
It's usually due to lost internet connectivity.
upvoted 0 times
...
Franklyn
9 days ago
Haha, option C is the winner! My prevention policy is a hot mess, no wonder my computer is acting up.
upvoted 0 times
...
Felix
14 days ago
A is the right answer. Microsoft is always messing with my computer, I just know it.
upvoted 0 times
...
Elvera
20 days ago
D is the obvious choice. Sensor Update Policy is the key to keeping your host in tip-top shape.
upvoted 0 times
...
Antione
25 days ago
I bet it's because the IT guy spilled coffee on the server again. Classic.
upvoted 0 times
...
Tayna
30 days ago
Option B is the correct answer. Without internet connectivity, the host can't verify its license and will enter RFM.
upvoted 0 times
...
Deeanna
1 month ago
I’m leaning towards option B, but I vaguely remember something about sensor updates causing issues too.
upvoted 0 times
...
Azzie
1 month ago
I practiced a question similar to this, and I feel like a misconfiguration in the prevention policy could also lead to RFM.
upvoted 0 times
...
Antonette
2 months ago
I think losing internet connectivity could definitely trigger RFM, but I can't recall if it’s the only reason.
upvoted 0 times
...
Leonora
2 months ago
I remember something about RFM being related to licensing issues, but I'm not sure if that's tied to the options here.
upvoted 0 times
...
Belen
2 months ago
I feel pretty confident that the answer is C. A misconfiguration in the prevention policy seems like the most logical explanation for the Reduced Functionality Mode.
upvoted 0 times
...
Melina
3 months ago
Ah, I'm a bit confused on this one. Is it possible that D, a misconfigured Sensor Update Policy, could also lead to the Reduced Functionality Mode? I'm not entirely sure.
upvoted 0 times
...
Corinne
3 months ago
Okay, let me think this through. I'm leaning towards A - Microsoft updates altering the kernel. That could definitely trigger the Reduced Functionality Mode.
upvoted 0 times
...
Dominga
3 months ago
I'm not sure about this one. Could it be B, the host losing internet connectivity? That might cause it to go into that mode, right?
upvoted 0 times
...
Penney
3 months ago
Hmm, I think it might be C - a misconfiguration in the prevention policy. That seems like the most likely reason for the Reduced Functionality Mode.
upvoted 0 times
...

Save Cancel