CrowdStrike Certified Falcon Administrator (CCFA) — Question 28
You want to create a detection-only policy. How do you set this up in your policy's settings?
Answer options
- A. Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender.
- B. Select the "Detect-Only" template. Disable hash blocking and exclusions.
- C. You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect.
- D. Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.
Correct answer: D
Explanation
The correct answer, D, describes how to configure Next-Gen Antivirus so that it detects threats without preventing them. Option A is incorrect because it suggests disabling Windows Defender, which is not necessary. Option B is incorrect because it refers to a template that may not exist. Option C is wrong because it states that detection-only policies cannot be created, which is false.