CrowdStrike Certified Falcon Administrator (CCFA) — Question 163

As a Falcon Administrator, you would like to tune your Prevention Policies and compare the number of detections that would have resulted in the last 30 days depending on which detection level was used (Cautious, Moderate, Aggressive or Extra Aggressive).

Which audit logs would best help you evaluate the appropriate setting to use?

Answer options

• A. Machine-learning prevention monitoring
• B. Prevention policy
• C. Policy efficacy monitoring
• D. Prevention policy debug

Correct answer: A

Explanation

The correct answer is A, as Machine-learning prevention monitoring provides insights into how various detection levels would impact detection rates. The other options do not offer the necessary data for evaluating the efficacy of different detection levels in terms of actual threat detection over the specified period.