CrowdStrike Certified Falcon Administrator (CCFA) — Question 155

What is the best way to write an ML exclusion for any executable file at "C:\Program Files\Software\"?

Answer options

• A. You cannot. You must list a specific file in an exclusion rule
• B. Program Files\Software\**
• C. Program Files\Software\.*
• D. Program Files\Software\*.exe

Correct answer: D

Explanation

The correct answer is D, as it specifies that any file with an .exe extension in the 'C:\Program Files\Software\' directory will be excluded. Option A is incorrect because exclusions can be made using patterns like D. Options B and C use incorrect wildcard syntax for executable files.