CrowdStrike Certified Falcon Administrator (CCFA) — Question 84

On a Windows host, what is the best command to determine if the sensor is currently running?

Answer options

• A. sc query csagent
• B. netstat -a
• C. This cannot be accomplished with a command
• D. ping falcon.crowdstrike.com

Correct answer: A

Explanation

The command 'sc query csagent' is specifically designed to check the status of the CrowdStrike sensor service on a Windows system, making it the correct choice. The other options, such as 'netstat -a' and 'ping falcon.crowdstrike.com', do not provide information about the sensor's operational status, and option C incorrectly states that it can't be done with a command.