CrowdStrike Certified Falcon Administrator (CCFA) — Question 160

What happens to detections in the console after clicking “Disable Detections" for a host from within the Host Management page?

Answer options

• A. Detections from the host are paused for 7 days. Existing detections from the host are removed from the console within 24 hours.
• B. The detections for the host are removed from the console immediately. No new detections will display in the console going forward.
• C. Existing detections for the host remain. No new detections will display in the console going forward.
• D. Existing detections for the host are removed from the console. The process that triggered them is allow-listed to prevent future alerts. Detections for other alerts are unaffected.

Correct answer: B

Explanation

The correct answer is B because clicking 'Disable Detections' results in immediate removal of detections from the console, with no new detections appearing thereafter. Options A, C, and D are incorrect as they either suggest a delay in removal or imply that existing detections will continue to be displayed.