CrowdStrike Certified Falcon Administrator (CCFA) — Question 191

What information can be found in the Real Time Response (RTR) Audit Log?

Answer options

• A. IP Address, Prevention Policy, recent detections, and host group assignment
• B. Real Time Response (RTR) information is not collected via audit logs
• C. Session end time, command return results, and file activity
• D. Session start time, duration, user, hostname, commands used, and retrieved files

Correct answer: D

Explanation

The correct answer is D, as it accurately lists the details captured in the RTR Audit Log, which includes session specifics and commands used. Options A and C provide unrelated information that does not pertain to the RTR Audit Log, while B incorrectly states that such information is not collected.