A.  

Windows\Quarantine

B.  

Windows\System32\Drivers\CrowdStrike\Quarantine

C.  

Windows\System32\

D.  

Windows\temp\Drivers\CrowdStrike\Quarantine

A.  

by using Hosts page in the Investigate tool

B.  

by reviewing "Groups" in Host Management under the Hosts page

C.  

under "Audit" by running Sensor Visibility Exclusions Audit

D.  

only by searching event data using Event Search

A.  

Severity

B.  

CrowdScore

C.  

Time

D.  

Triggering File

A.  

Do nothing, as this file is common and well known

B.  

From detection, click the VT Hash button to pivot to VirusTotal to investigate further

C.  

From detection, use API manager to create a custom blocklist

D.  

From detection, submit to FalconX for deep dive analysis

A.  

It provides a visualization of program ancestry via the Process Tree View

B.  

It provides a visualization of program ancestry via the Process Activity View

C.  

It provides detailed list of detection events via the Process Table View

D.  

It provides a detailed list of detection events via the Process Tree View

A.  

Local prevalence is the frequency with which the hash of the triggering file is seen across the entire Internet

B.  

Local Prevalence tells you how common the hash of the triggering file is within your environment (CID)

C.  

Local Prevalence is the Virus Total score for the hash of the triggering file

D.  

Local prevalence is the frequency with which the hash of the triggering file is seen across all CrowdStrike customer environments

A.  

IP Addresses

B.  

Remote or Network Logon Activity

C.  

Remote Access Graph

D.  

Hash Executions

A.  

Process Information

B.  

Port Information

C.  

IP Lookup Information

D.  

Threat Actor Information

A.  

Eternal Blue

B.  

Defense Evasion

C.  

Emotet

D.  

Phishing

A.  

Automated searches that can be used to pivot between related events and searches

B.  

Pivotable hyperlinks available in a Host Search

C.  

Custom event data queries bookmarked by the currently signed in Falcon user

D.  

Raw Falcon event data

A.  

Detections by Severity

B.  

Inactive Sensors

C.  

Sensors in RFM

D.  

Active Sensors

A.  

Filter on'Analyst: Alex'

B.  

Alex does not have the correct role permissions as a Falcon Analyst to be assigned detections

C.  

Filter on 'Hostname: Alex' and 'Status: In-Progress'

D.  

Filter on 'Status: In-Progress' and 'Assigned-to: Alex*

A.  

500

B.  

750

C.  

1000

D.  

1200

A.  

The process specified is not sent to the Falcon Sandbox for analysis

B.  

The associated detection will be suppressed and the associated process would have been allowed to run

C.  

The sensor will stop sending events from the process specified in the regex pattern

D.  

The associated IOA will still generate a detection but the associated process would have been allowed to run

A.  

ProcessTimeline Link

B.  

PID

C.  

UTCtime

D.  

Process ID or Parent Process ID

A.  

It excludes host information from Detections and Incidents generated within that file path location

B.  

It prevents file uploads to the CrowdStrike cloud from that file path

C.  

It excludes sensor monitoring and event collection for the trusted file path

D.  

It disables detection generation from that path, however the sensor can still perform prevention actions

A.  

Draw Process Explorer

B.  

Show a +/- 10-minute window of events

C.  

Show a Process Timeline for the responsible process

D.  

Show Associated Event Data (from TargetProcessld_decimal or ContextProcessld_decimal)

A.  

It is moved into theC:\CrowdStrike\Quarantine\Releasedfolder on the host

B.  

It is allowed to execute on the host

C.  

It is deleted

D.  

It is allowed to execute on all hosts