Exam CCFA topic 1 question 20 discussion

Actual exam question from CrowdStrike's CCFA
Question #: 20
Topic #: 1

How long are detection events kept in Falcon?

  • A. Detection events are kept for 90 days
  • B. Detection events are kept for your subscribed data retention period
  • C. Detection events are kept for 7 days
  • D. Detection events are kept for 30 days
Suggested Answer: A

Comments

vsnt89
2 months, 3 weeks ago
Selected Answer: A
Option A
upvoted 1 times
...
silva222222
6 months ago
Selected Answer: A
https://www.crowdstrike.com/products/endpoint-security/falcon-insight-edr/faq/
upvoted 1 times
...
Manuneethi
1 year, 4 months ago
90 days only
upvoted 2 times
...
sbag0024
1 year, 5 months ago
Shoot, it could be A. Per the CCFA Checklist Notes: "Data is only available in the Falcon UI for investigations, etc. through the company’s data retention time frame; detection information is kept for 90 days regardless; UI audits are available for 1 year."
upvoted 2 times
...
sbag0024
1 year, 5 months ago
Selected Answer: B
Going to go with B, it's either B or C. Bad question really.
upvoted 1 times
...
sbag0024
1 year, 5 months ago
I think this is C. It says Detection Events. Events are stored for 7 days.
upvoted 1 times
...
Synecdoque19
1 year, 5 months ago
Activity feed (alerts) are kept 90 days. Events (EAM data) depend on your contract.
upvoted 1 times
...
SoFi443
1 year, 5 months ago
I think the right answer should be B
upvoted 2 times
...
FerbOP
1 year, 7 months ago
Selected Answer: A
A is correct
upvoted 2 times
...
options862
1 year, 7 months ago
Option A. Note: CrowdStrike keeps detection data in the cloud for 90 days, after which some of the data gets purged from the database. Null icons indicate that some of the data for a process has started to be nullified. It could be a missing tactic, label, metadata or any part of the information pertaining to that process.
upvoted 2 times
...
plantvast
1 year, 10 months ago
The wording of the question makes this confusing. Detections themselves are kept for 90 days but event data is only kept for the event retention set.
upvoted 2 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other