CrowdStrike Certified Falcon Responder (CCFR) — Question 59
When you configure and apply an IOA exclusion, what impact does it have on the host and on what you see in the console?
Answer options
- A. The process specified is not sent to the Falcon Sandbox for analysis
- B. The associated detection will be suppressed and the associated process would have been allowed to run
- C. The sensor will stop sending events from the process specified in the regex pattern
- D. The associated IOA will still generate a detection but the associated process would have been allowed to run
Correct answer: B
Explanation
The correct answer is B because applying an IOA exclusion suppresses the associated detection, allowing the process to run without triggering alerts. Option A is incorrect because the process may still be analyzed, and option C misrepresents the function of the exclusion. Option D incorrectly states that a detection will still occur, when the purpose of the exclusion is to prevent that.