BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

CrowdStrike Exam CCFR-201 Topic 1 Question 4 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam

Question #: 4
Topic #: 1

[All CCFR-201 Questions]

When you configure and apply an IOA exclusion, what impact does it have on the host and what you see in the console?

AThe process specified is not sent to the Falcon Sandbox for analysis

BThe associated detection will be suppressed and the associated process would have been allowed to run

CThe sensor will stop sending events from the process specified in the regex pattern

DThe associated IOA will still generate a detection but the associated process would have been allowed to run

Show Suggested Answer

Suggested Answer: B

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, IOA exclusions allow you to exclude files or directories from being detected or blocked by CrowdStrike's indicators of attack (IOAs), which are behavioral rules that identify malicious activities1.This can reduce false positives and improve performance1.When you configure and apply an IOA exclusion, the impact is that the associated detection will be suppressed and the associated process would have been allowed to run1.This means that you will not see any alerts or events related to that IOA in the console1.

by Carma at Oct 03, 2023, 11:47 AM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!