CrowdStrike Certified Falcon Responder CCFR-201b Question # 5 Topic 1 Discussion

CCFR-201b Exam Topic 1 Question 5 Discussion:
Question #: 5
Topic #: 1

If an organization is experiencing several false positives from a specific Machine Learning (ML) detection group and wants to create a tightly-scoped allowlist, which grouping should they use first?


A. Group by Filename

B. Group by Hash

C. Group by Command Line

D. Group by User
