CrowdStrike Certified Falcon Administrator (CCFA) — Question 144

What should be disabled on firewalls so that the sensor's man-in-the-middle attack protection works properly?

Answer options

• A. Windows Proxy
• B. Deep packet inspection
• C. Linux Sub-System
• D. PowerShell

Correct answer: B

Explanation

Deep packet inspection needs to be disabled on firewalls because it can interfere with the sensor's ability to effectively detect and prevent man-in-the-middle attacks. The other options, such as Windows Proxy, Linux Sub-System, and PowerShell, do not directly impact the sensor's functionality in this context.