Do you know that you can access more real exam questions via Premium Access? ()
What information does the API Audit Trail Report provide?
What best describes what happens to detections in the console after clicking "Enable Detections" for a host which previously had its detections disabled?
When a Linux host is in Reduced Functionality Mode (RFM) what telemetry and protection is still offered?
You have a Windows host on your network in Reduced functionality mode (RFM). While the system is in RFM, which of the following is TRUE?
Answer : D
The option that is true when a Windows host is in Reduced Functionality Mode (RFM) is that some detection patterns and preventions will not be triggered. RFM is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure. When a Windows sensor is in RFM, it will only provide basic prevention capabilities, such as blocking known malware hashes and preventing script execution from the %TEMP% directory. The sensor will not send any telemetry or detection events to the Falcon platform, and will not receive any policy or update changes from the Falcon cloud. This means that some detection patterns and preventions that rely on telemetry, machine learning, or cloud analysis will not be triggered.