Q1

A financial institution is deploying the Falcon sensor to a fleet of Linux servers running a mix of CentOS 7 and Rocky Linux 9. The deployment script fails on the Rocky Linux 9 servers with an error indicating an unsupported kernel. The CentOS 7 servers install successfully. What is the most likely cause of this issue?

Q2

An administrator is designing a host group structure for a large enterprise with distinct business units (e.g., Finance, Engineering, Marketing) and environments (e.g., Production, Staging, Development). The goal is to apply tailored prevention policies based on both business unit and environment. Which host grouping strategy is most effective and scalable?

Q3 (Multiple answers)

A security analyst needs to create a custom IOA rule to detect a specific LOLBAS (Living Off the Land Binary and Script) technique where PowerShell is used to download a file from a remote server and then execute it. The rule should only trigger if the command line contains both 'DownloadString' and 'IEX' (Invoke-Expression). Which TWO of the following regular expressions would be most effective when used in the Command Line field of the custom IOA rule? (Select TWO)

Q4

A global retail company wants to automate its initial response to high-severity ransomware detections. The Security Operations Center (SOC) team has defined a specific workflow they want to implement using Falcon Fusion. The desired workflow is as follows: When a high-severity detection with a tactic of 'Ransomware' occurs, the system should immediately contain the affected host to prevent lateral movement. Simultaneously, a high-priority ticket should be created in their Jira instance with details of the detection, and a notification should be sent to the #soc-alerts Slack channel. The workflow should only apply to hosts in the 'Production Servers' group. Which sequence of components in a Falcon Fusion workflow would correctly implement this requirement?

Q5

True or False: To uninstall the Falcon sensor from a Windows host via the command line when uninstall protection is enabled, an administrator must first retrieve a unique, time-sensitive maintenance token from the Falcon UI and use it as a parameter in the uninstall command.

Q6

An administrator is managing a large number of custom IOCs. To improve performance and reduce clutter, they decide to set an expiration date for IOCs related to a specific, now-remediated campaign. What happens when a custom IOC reaches its expiration date?

Q7

A new Falcon administrator is reviewing the available audit logs to understand user activity within the console. Which audit log should they consult to find a record of users who have used Real-Time Response (RTR) to connect to a host and the specific commands they executed during their session?

Q8

A company's policy requires that all Falcon sensor updates are first tested on a pilot group of non-critical systems for one week before being promoted to production. The production systems should remain on the currently approved version during this testing period. How can an administrator configure Sensor Update Policies to enforce this?

Q9

A developer at a software company frequently compiles a custom, in-house application named 'DataCruncher.exe'. Each compilation results in a new file hash, causing repeated Machine Learning (ML) detections and quarantines, which disrupts their workflow. The application is always located in 'D:\dev_builds\'. What is the most precise and secure method to create an ML exclusion for this scenario?

Q10

What is the primary purpose of assigning a Customer ID (CID) during the Falcon sensor installation?