CrowdStrike Certified Falcon Administrator (CCFA) — Question 139

What best describes what happens to detections in the console after clicking "Enable Detections" for a host which previously had its detections disabled?

Answer options

• A. Enables custom detections for the host
• B. New detections will start appearing in the console, and all retroactive stored detections will be restored to the console for that host
• C. New detections will start appearing in the console immediately. Previous detections will not be restored to the console for that host
• D. Preventions will be enabled for the host

Correct answer: B

Explanation

The correct answer is B because enabling detections not only allows new detections to register but also brings back previously stored detections for that host. Option A is incorrect as it refers to custom detections, which is not the focus here. Option C is wrong since it states that previous detections will not be restored, contradicting the functionality of enabling detections. Option D is irrelevant as it discusses preventions rather than detections.