CrowdStrike Certified Falcon Administrator (CCFA) — Question 199

After successfully installing Falcon on a new employee's laptop, you notice that the machine is assigned the default prevention policy instead of the custom prevention policy you created. You verify that the Falcon sensor is functioning properly, and you confirm that the custom policy is enabled and successfully running on more than 1,000 other Falcon hosts.

What is the likely cause of this issue?

Answer options

• A. Falcon requires a 24- hour waiting period to apply custom policies to newly installed hosts
• B. The laptop is not a member of a host group assigned to the custom policy
• C. A host-based firewall rule is preventing the custom policy from applying successfully
• D. A prompt to apply the new prevention policy was manually declined

Correct answer: B

Explanation

The correct answer is B because the custom prevention policy can only be applied to hosts that are part of the designated host group. Options A and C are incorrect as there is no waiting period enforced by Falcon, and host-based firewall rules do not typically interfere with policy application in this context. Option D is also incorrect since there is no indication that a prompt was declined.