CrowdStrike Certified Falcon Responder (CCFR) — Question 29

What happens when you create a Sensor Visibility Exclusion for a trusted file path?

Answer options

• A. It excludes host information from Detections and Incidents generated within that file path location
• B. It prevents file uploads to the CrowdStrike cloud from that file path
• C. It excludes sensor monitoring and event collection for the trusted file path
• D. It disables detection generation from that path, however the sensor can still perform prevention actions

Correct answer: C

Explanation

The correct answer is C, as creating a Sensor Visibility Exclusion for a trusted file path means that the sensor will not monitor or collect events from that specific path. Option A is incorrect because it refers to Detections and Incidents, which are not excluded from monitoring; B is wrong as it relates to file uploads rather than sensor visibility; and D is misleading because while detection generation is indeed disabled, the sensor's ability to perform prevention actions is unaffected in other contexts.