ExamTopics Logo
Mail Us[email protected]
Menu
Crowdstrike Discussions
exam questions

Exam CCFA All Questions

View all questions & answers for the CCFA exam
Go to Exam

Exam CCFA topic 1 question 146 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 146
Topic #: 1
[All CCFA Questions]

What best describes what happens to detections in the console after clicking "Enable Detections" for a host which previously had its detections disabled?

  • A. Enables custom detections for the host
  • B. New detections will start appearing in the console, and all retroactive stored detections will be restored to the console for that host
  • C. New detections will start appearing in the console immediately. Previous detections will not be restored to the console for that host
  • D. Preventions will be enabled for the host
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by javier199255 at Aug. 27, 2024, 6:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
EA88
1 month, 1 week ago
Selected Answer: B
when you enable detections again, the previously hidden detections will be restored and become visible in the Falcon Host UI. So, the detections are not lost, and the system does indeed restore that data to the UI once you enable detections again for the host.
upvoted 1 times
...
evilCorpBot7494
3 months, 3 weeks ago
Selected Answer: B
Answer is B. When selecting the "enable detections" button in the host management section, the message says: "You are about to enable detections for HOSTNAME. By doing so, detections will resume for this host and will start appearing in the Falcon Host UI. As a reminder, any detections that existed prior to disabling detections will be restored to the UI. Are you sure you want to enable detections for HOSTNAME?"
upvoted 3 times
...
kitkat007
4 months, 4 weeks ago
Selected Answer: C
C. New detections will start appearing in the console immediately. Previous detections will not be restored to the console for that host This ensures that the host resumes normal detection reporting from the point detections are re-enabled, without retroactively adding past events that occurred during the disabled period.
upvoted 1 times
...
6c86de0
6 months, 3 weeks ago
Selected Answer: C
C
upvoted 1 times
...
javier199255
8 months ago
Selected Answer: B
Test en Falcon console, at the moment that you are going to disable the detections the console advice to this action.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago