CrowdStrike Certified Falcon Administrator (CCFA) — Question 79

You need to export a list of all detections for a specific Host Name in the last 24 hours. What is the best way to do this?

Answer options

• A. Go to Host Management in the Host page. Select the host and use the Export Detections button
• B. Utilize the Detection Resolution Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detection Resolution History" section
• C. In the Investigate module, access the Detection Activity page. Use the filters to focus on the appropriate hostname and time, then export the results
• D. Utilize the Detection Activity Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detections by Host" section

Correct answer: C

Explanation

The correct answer is C because the Investigate module's Detection Activity page is specifically designed for analyzing detection data and allows for filtering by hostname and time. Options A, B, and D do not provide the same level of focus on detection activity over the specified timeframe as option C does.