Exam CCFA topic 1 question 9 discussion

I believe it's the option B. Knowing that only RTR roles allow you to get remote access to a workstation, I assume these are the potential option. Then I read on the documentation that RTR- Responder allows you to extract file and this is not being asked on the question, so I strongly believe that B is the correct option.

checked

Also Falcon Analyst-Ready Only having more options then Real Time Responder-Read Only Analyst according to CrowdStrike Original Console note. You can Falcon Analyst-Read only as one more role. that's it.

C Only correct. The question itsellf mentioned Falcon Analyst, he needed additional rights to view all logs. So Falcon Analyst- Read Only Correct

B is correct answer

B is correct, checked in the docs

B.. confirmed in portal

B is correct

I Agree, the B is the correct answer. The Falcon Analyst do not have any RTR permission, so it is not able to connect to any host or list files, of course the real time download of files is not allowed. The Real Time Responder - Read Only Analyst only allows to run the commands "cat,cd,clear,env,eventlog,filehash,getsid,help,history,ipconfig,ls,mount,netstat,ps,reg" the role do not have permission to get files so it is the most aproximated profile for the requested capabilities.

B is the correct answer

I think it would be Real Time Responder - Read Only Analyst. since the RTR admins are probably capable of everything with RTR and RTR Active Responder can extract files from the machine while in the question the ask not to.

@plantvast - but which one?

Questions is talking about viewing files and contents on managed hosts which is only possible using Real-Time Response (RTR).