Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFA-200 Topic 2 Question 50 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam
Question #: 50
Topic #: 2
[All CCFA-200 Questions]

You have a Windows host on your network in Reduced functionality mode (RFM). While the system is in RFM, which of the following is TRUE?

Show Suggested Answer Hide Answer
Suggested Answer: D

The option that is true when a Windows host is in Reduced Functionality Mode (RFM) is that some detection patterns and preventions will not be triggered. RFM is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure. When a Windows sensor is in RFM, it will only provide basic prevention capabilities, such as blocking known malware hashes and preventing script execution from the %TEMP% directory. The sensor will not send any telemetry or detection events to the Falcon platform, and will not receive any policy or update changes from the Falcon cloud. This means that some detection patterns and preventions that rely on telemetry, machine learning, or cloud analysis will not be triggered.


by Samira at Jan 13, 2025, 09:26 PM

Limited Time Offer

25%

Off

Get Premium CCFA-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Wayne
1 months ago
That makes sense. So, we need to be extra cautious when the system is in RFM.
upvoted 0 times
...
Lisandra
1 months ago
Ah, this is a tough one. I'm torn between B and D, but I think D is the winner. Gotta love these Windows quirks, am I right?
upvoted 0 times
Lorean
6 days ago
User 2: Yeah, I agree. Some detection patterns and preventions will not be triggered in Reduced functionality mode.
upvoted 0 times
...
Noelia
24 days ago
User 1: I think D is the correct answer.
upvoted 0 times
...
...
Katina
1 months ago
I agree with Felicidad. In Reduced functionality mode, some detection patterns and preventions will not be triggered.
upvoted 0 times
...
Lashawna
1 months ago
Haha, I bet the correct answer is C. Prevention patterns not triggering? That sounds about right for a reduced functionality scenario. Wish they'd just let the system run at full power.
upvoted 0 times
...
Stephaine
1 months ago
I'm going with B. If the system is in reduced mode, event reporting is probably going to be off the table. Gotta love these tricky Windows modes!
upvoted 0 times
Thora
9 days ago
D) Some detection patterns and preventions will not be triggered
upvoted 0 times
...
Corazon
12 days ago
C) Prevention patterns will not be triggered
upvoted 0 times
...
Stacey
28 days ago
B) Event reporting will be unavailable
upvoted 0 times
...
Glen
29 days ago
A) System monitoring will be unavailable
upvoted 0 times
...
...
Felicidad
1 months ago
I think the answer is D.
upvoted 0 times
...
Ben
1 months ago
Hmm, I think D is the correct answer. The reduced functionality mode definitely impacts some detection and prevention patterns, so that one makes the most sense.
upvoted 0 times
Graciela
27 days ago
User1: Definitely, we need to make sure our systems are fully functional to avoid any security risks.
upvoted 0 times
...
Gayla
1 months ago
User2: Yeah, that's true. It's important to be aware of the limitations in RFM.
upvoted 0 times
...
Bernardo
1 months ago
User1: I think D is correct too. RFM affects some detection and prevention patterns.
upvoted 0 times
...
...

Save Cancel