When you re-enable detections, the data should be restored to the UI. This means once detections are re-enabled, the existing detection data that was hidden (while detections were disabled) will become visible again in the Falcon Host UI.
The key takeaway is that while detections are disabled, the data is hidden, but once you re-enable detections, that hidden data is restored to the UI.
When you select disable detection for a Host in the Host Management section, the shown message is the following:
"You are about to disable detections for HOSTNAME. By doing so, detections will stop being generated on this host and all existing detections for this host will be hidden from the Falcon Host UI.
This data will be restored to the UI if you re-enable detections on this host.
Are you sure you want to disable detections for HOSTNAME?"
So yeah, the correct one is C. The detections for the host are removed from the console immediately and no new detections will display in the console going forward.
D. Existing detections for the host remain, but no new detections will display in the console going forward
This action does not affect prevention mechanisms; they continue to operate as configured. Disabling detections simply stops new detection alerts from appearing in the console for the specified host.
Disable detections
You are about to disable detections for XXXXXXX. By doing so, detections will stop being generated on this host and all existing detections for this host will be hidden from the Falcon Host UI.
This data will be restored to the UI if you re-enable detections on this host.
Are you sure you want to disable detections for XXXXXX?
Tested in console now
Below is the pop-up when you click on "Disable Detection":
You are about to disable detections for XXXXXXXXX. By doing so, detections will stop being generated on this host and all existing detections for this host will be removed from the Falcon Host UI.
This data cannot be restored to the UI later, even if you re-enable detections on this host.
Are you sure you want to disable detections for XXXXXXXXXXX?
EA88 (1 month, 1 week ago)
evilCorpBot7494 (3 months, 3 weeks ago)
kitkat007 (4 months, 4 weeks ago)
lisaKatia (7 months, 3 weeks ago)
javier199255 (8 months ago)
Brian9296 (1 year, 5 months ago)
juliusib (1 year, 5 months ago)
crowdstrikerz (1 year, 5 months ago)
juliusib (1 year, 5 months ago)
Lucas_L (1 year, 5 months ago)