CrowdStrike Certified Falcon Administrator (CCFA) — Question 58
How do you disable all detections for a host?
Answer options
- A. Create an exclusion rule and apply it to the machine or group of machines
- B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)
- C. You cannot disable all detections on individual hosts as it would put them at risk
- D. In Host Management, select the host and then choose the option to Disable Detections
Correct answer: D
Explanation
D is correct because the Host Management interface provides a direct way to disable detections: select the host and choose the option to Disable Detections. Option A, creating an exclusion rule, does not completely disable detections. Option B, contacting support, is not necessary for this action. Option C incorrectly states that detections cannot be disabled on individual hosts, whereas the method in D does exactly that.