nerdexam
CrowdStrike

CCFA-200B · Question #196

CCFA-200B Question #196: Real Exam Question with Answer & Explanation


Question

Your organization wants to monitor the use of remote access software that is currently authorized. The executable is called remote.exe. How would you trigger a detection for review of any process named remote.exe?

Options

  • A. Create an exclusion for remote.exe and set a workflow to email you every time the exclusion is
  • B. Assign an aggressive detection level machine-learning prevention policy to the applicable hosts
  • C. Write an IOA rule to monitor process creation of .*\remote.exe
  • D. Write a scheduled search looking for ProcessRollup2 events for remote.exe
