CrowdStrike Certified Falcon Administrator (CCFA) — Question 54
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?
Answer options
- A. Contact support and request that they modify the Machine Learning settings to no longer include this detection
- B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"
- C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
- D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"
Correct answer: B
Explanation
The correct answer is B because adding the hash of the binary in IOC Management and setting the action to "Allow" prevents future detections of that binary as malicious, which removes the source of the false positives. Option A is not viable because changing the Machine Learning settings cannot target this one specific binary. Option C would block the binary, which is not desired, and option D takes no action, leaving the issue unresolved.