CrowdStrike Certified Falcon Administrator (CCFA) — Question 157

What best describes the effect of disabling detections for a host?

Answer options

• A. Detections for the host are removed from the console immediately and no new detections display in the console going forward until re-enabled
• B. Existing detections for the host remain, but no new detections will be presented in the console going forward until re-enabled
• C. Detections for the host are removed from the console immediately and cannot be restored unless the sensor is reinstalled
• D. You cannot disable detections for a single host and are only able to prevent detections via allowlisting

Correct answer: A

Explanation

The correct answer, A, indicates that disabling detections results in their immediate removal from the console and prevents new detections from appearing until the feature is re-enabled. Option B is incorrect because it implies that existing detections will still show, which is not the case. Option C incorrectly states that detections cannot be restored without reinstalling the sensor, while D is false as it suggests that detections cannot be disabled for a single host at all.