CROWDSTRIKE ADMIN CERT EXAM 2024/2025 WITH 100% ACCURATE SOLUTIONS

Install Sensor (WIN) timing out? - Precise Answer ✔✔Use ProvWaitTime=3600000 (1 hour)

Install Sensor - certificate pinning - Precise Answer ✔✔disable deep packet inspection; helps fight man in the middle attacks

Cloud Connection Site - Precise Answer ✔✔cloudsink.net

Customer Checksum ID (CCID) - Precise Answer ✔✔Needed for sensor install

Agent ID (AID) - Precise Answer ✔✔unique # with each installed agent

Falcon running? (WIN) - Precise Answer ✔✔sc.exe query csagent

Sensor Grouping Tags - Precise Answer ✔✔You can assign one or more tags to a host using the GROUPING_TAGS parameter during installation.
*Tags cannot have Spaces or Commas*

Sensor Group Tag example - Precise Answer ✔✔This command assigns two tags to the host: Washington/DC_USA and Production.
<installer_filename> /install /norestart CID=<CCID> GROUPING_TAGS="Washington/DC_USA,Production"

Install Sensor (WIN) IE Proxy Detection - Precise Answer ✔✔IE proxy detection, install the sensor from the command line using the ProvNoWait parameter.

Install Sensor (WIN) Virtual Environment - Precise Answer ✔✔Install the Falcon sensor using the VDI=1 parameter.

Install Sensor (WIN) VM Template - Precise Answer ✔✔Install the Falcon sensor using the NO_START=1 parameter.

Install Sensor (WIN) Pay as you go - Precise Answer ✔✔Install the Falcon sensor using the NO_START=1 and BILLINGTYPE=Metered parameters (case-sensitive)

Uninstalling the Falcon sensor (WIN) - Precise Answer ✔✔Control Panel or the command line.
CLI is CsUninstallTool.exe /quiet

Verify the sensor is connected to the CrowdStrike cloud - Precise Answer ✔✔netstat.exe -f
Active Connections
Proto Local Address State Foreign Address
TCP 192.0.2.130:49790 ec2-54-219-145-181.us-west-1.compute.amazonaws.com:https ESTABLISHED

Install Sensor (WIN) Allow more provisioning time - Precise Answer ✔✔If your host requires more time to connect, you can override this by using the ProvNoWait parameter in the command line.
<installer_filename> /install /quiet /norestart CID=<CCID> ProvNoWait=1

Sensor Install Log locations - Precise Answer ✔✔
If initiated by a user: %LOCALAPPDATA%\Temp
If initiated by the CrowdStrike cloud: %SYSTEMROOT%\Temp

Reduced functionality mode (RFM) - Precise Answer ✔✔RFM is most common during Windows updates.

disable detections - Precise Answer ✔✔This is helpful for users who want to set up hosts to test detections in the Falcon console and who later want to remove those old test detections from the console.

disable detections impacts - Precise Answer ✔✔
Falcon console impact: The detections for that host are removed from the console immediately. No new detections will display in the console going forward unless detections are enabled.
API impact: The DetectionSummaryEvent stops getting sent to the Streaming API for that host.
Event Search impact: Even after disabling detections, the data for all existing detections prior to disabling detections will still be in Event Search.

Static Host groups - Precise Answer ✔✔There is a limit of adding 1,000 hosts to a static group at a time. Static host groups are defined manually. Static groups are useful for hosts in static environments, such as QA or testing, or for when dynamic group filters are insufficient.

Host Groups - Precise Answer ✔✔two types of host groups — dynamic and static. The group type is selected when you create it and can't be changed later.

Group Tags 2 types - Precise Answer ✔✔
Falcon grouping tags
Sensor grouping tags

Sensor grouping tags - Precise Answer ✔✔only added when adding sensors (win)

Falcon grouping tags - Precise Answer ✔✔Add tags to individual hosts through the host summary panel. There is a 237 character limit for a tag. You can add up to 50 tags per host and 1000 tags per CID.
Go to Hosts > Host Management.
Click the host name in the list.
In the Grouping Tags area of the host summary panel, click the + icon (Add Falcon Grouping Tag).
Enter the tag name and click Add.

dynamic host group - Precise Answer ✔✔can use filters to define group, e.g. hostname (partial)
Model - Model of the hosts
Platform - Platform of the hosts
OS Version - Version of the operating system installed on the hosts
OU - Organizational Unit (from Active Directory)
Sensor Version - Version of the Falcon sensor installed on the hosts
Site - The site name of the domain the machine is joined with

Host Group Creation - Precise Answer ✔✔
Dynamic group: Assign hosts by creating an assignment rule.
Static group: Assign hosts directly by host ID or hostname.

Roles - Precise Answer ✔✔A user account's roles determine permissions or access to features and functionality in the Falcon console. To grant access to the features you want, you can assign multiple roles to a single user. Each user must have at least one role. A user can access a feature if at least one of their roles grants them access.

password or 2FA reset - Precise Answer ✔✔To reset another user's password, you must have an administrative role for your Falcon subscription, such as Falcon Administrator or Falcon Intel Admin. The Falcon Security Lead can reset user passwords and 2FA tokens, but cannot manage users or user roles.

User information that can be modified - Precise Answer ✔✔**A user's email address cannot be modified.**
The user's email and name display at the top of the page.
Click Edit user name to make changes to the user's first and last name.
Access additional actions to Reset two-factor authentication, Reset password, or Delete user from the three-dot menu.
Click Assign roles to assign one or more new roles to the user.
View all roles currently assigned to the user.

Falcon Administrator - Precise Answer ✔✔Falcon Administrator can access all functionality in the console, with the exception of certain RTR functionality and custom IOAs.

Falcon Security Lead - Precise Answer ✔✔Falcon Security Lead can manage detections, manage quarantined files, reset users' credentials, and view exclusions.

Falcon Analyst - Precise Answer ✔✔Falcon Analyst can manage detections and quarantined files, and can view exclusions and host management.

Quarantine Manager - Precise Answer ✔✔Quarantine Manager can manage quarantined files.

Endpoint Manager - Precise Answer ✔✔Endpoint Manager can manage sensor deployment and maintain sensor configuration and update policies. Users assigned this role can create, edit, and delete host groups and firewall rules.

Detections Exceptions Manager - Precise Answer ✔✔Detections Exceptions Manager can add and manage custom IOCs, and can create and manage machine learning, IOA, and sensor visibility exclusions.

Firewall Manager - Precise Answer ✔✔Firewall Manager: Create and edit firewall rules, assign firewall rule groups to firewall policies, and assign firewall policies to host groups.

Real Time Responder Roles - Precise Answer ✔✔
Real Time Responder - Read Only Analyst (RTR Read Only Analyst) - Can run a core set of read-only response commands to perform reconnaissance
Real Time Responder - Active Responder (RTR Active Responder) - Can run all of the commands RTR Read Only Analyst can and more, including the ability to extract files using the **get** command, run commands that modify the state of the remote host, and run certain custom scripts
Real Time Responder - Administrator (RTR Administrator) - Can do everything RTR Active Responder can do, plus create custom scripts, upload files to hosts using the **put** command, and directly run executables using the run command