CrowdStrike Certified Falcon Administrator (CCFA) — Question 52

You are beginning the rollout of the Falcon Sensor for the first time side-by-side with your existing security solution. You need to configure the Machine Learning levels of the Prevention Policy so it does not interfere with existing solutions during the testing phase. What settings do you choose?

Answer options

• A. • Detection slider: Extra Aggressive • Prevention slider: Cautious
• B. • Detection slider: Moderate • Prevention slider: Disabled
• C. • Detection slider: Cautious • Prevention slider: Cautious
• D. • Detection slider: Disabled • Prevention slider: Disabled

Correct answer: B

Explanation

The correct choice is B because setting the Detection slider to Moderate and the Prevention slider to Disabled allows the Falcon Sensor to monitor activity without blocking any actions from the existing security solution. The other options either increase detection sensitivity or enable prevention features that could conflict with the current setup, which is not ideal during the testing phase.