CrowdStrike Certified Falcon Administrator (CCFA) — Question 94

What command should be run to verify if a Windows sensor is running?

Answer options

• A. regedit myfile.reg
• B. sc query csagent
• C. netstat -f
• D. ps -ef | grep falcon

Correct answer: B

Explanation

The correct answer is B, as the 'sc query csagent' command specifically checks the status of the csagent service, which is associated with the Windows sensor. The other options are incorrect because 'regedit' is used for editing the registry, 'netstat' displays network connections, and 'ps -ef | grep falcon' is a command used in Unix/Linux environments, not applicable to Windows sensors.