The unknown executables and zero days are the whole purpose of applying Machine Learning to threat detection in cybersecurity. Offline protection should still be had by all modules; otherwise CS would be a very bad solution if it only protects from your blacklisted hashes when you have internet. Answer is D.
In the prevention policy it's clearly mentioned that "FOR OFFLINE AND ONLINE HOSTS" - "For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.", so the answer should be D.
It's mentioned in the console, "For offline and online hosts...". So the answer shouldn't be "C".
====================================================
Sensor Anti-malware
For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
According to documentation (documentation/detections/technique/sensor-based-ml-cst0007):
CrowdStrike sensor-based machine learning (ML) identifies and analyzes unknown executables as they run on hosts. This technique is triggered by files and file attributes associated with known malware.
This is similar to the [Cloud-based ML](/support/documentation/detections/technique/cloud-based-ml) technique. Cloud-based ML is informed by global analysis of executables that classifies and identifies malware. The key difference is that it doesn't run on hosts when they're offline.
Therefore it is D. Sensor-based ML does not run on hosts when they are offline, discarding C.
D is correct. Says right in the setting "...use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware."
It should be D. The only option within the Sensor Machine Learning section is Sensor Anti-malware (Detection & Prevention) and it reads: "For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware."
That's basically what option D is
Answer is D.
"For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware."
Only sensor-based includes offline.
Sensor Anti-malware
For offline and online hosts, use sensor-based machine learning to identify and analyze unknown executables as they run to detect and prevent malware.
I would go with D. After checking the documentation I found this: "or unknown and zero-day threats, Falcon applies IOA detection, using machine learning techniques to build predictive models that can detect never-before-seen malicious activities with high accuracy."
ChatGPT also confirms it, as do some online resources.