CrowdStrike Certified Falcon Administrator (CCFA) — Question 185
Your security team notices that certain privacy-sensitive information, such as the URL, HTTP headers and POST bodies, is missing from HTTP-related detections.
What is the likely cause of this?
Answer options
- A. The prevention policy was never configured to generate HTTP detections
- B. The prevention policy has been configured to redact HTTP detection details
- C. The prevention policy was configured to have an aggressive prevention setting, but only a cautious detection setting
- D. The network perimeter firewall blocked the HTTP connection attempts so there was nothing for Falcon to detect
Correct answer: B
Explanation
The correct answer is B: a prevention policy configured to redact HTTP detection details explains why this information is missing. Option A is incorrect because it would mean no detections at all. Option C is misleading because it refers to detection settings that are not directly related to the redaction issue. Option D is also wrong: if the firewall had blocked the connections, there would be no HTTP traffic to analyze, but the question states that the detections exist and are only missing details.