According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, Reduced Functionality Mode (RFM) is a state where a host’s sensor has limited functionality due to various reasons, such as license expiration, network issues, tampering attempts, etc1. You can find hosts that are in RFM by using the Host Search tool and filtering by Sensor Status = RFM1. You can also view details about why a host is in RFM by clicking on its hostname1.
Question 9
A list of managed and unmanaged neighbors for an endpoint can be found:
Options:
A.
by using Hosts page in the Investigate tool
B.
by reviewing "Groups" in Host Management under the Hosts page
C.
under "Audit" by running Sensor Visibility Exclusions Audit
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, you can use the Hosts page in the Investigate tool to view information about your endpoints, such as hostname, IP address, OS, sensor version, etc2. You can also see a list of managed and unmanaged neighbors for each endpoint, which are other devices that have communicated with that endpoint over the network2. This can help you identify potential threats or vulnerabilities in your network2.
Question 10
The function of Machine Learning Exclusions is to___________.
Options:
A.
stop all detections for a specific pattern ID
B.
stop all sensor data collection for the matching path(s)
C.
Stop all Machine Learning Preventions but a detection will still be generated and files will still be uploaded to the CrowdStrike Cloud
D.
stop all ML-based detections and preventions for the matching path(s) and/or stop files from being uploaded to the CrowdStrike Cloud
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, Machine Learning Exclusions allow you to exclude files or directories from being scanned by CrowdStrike’s machine learning engine, which can reduce false positives and improveperformance2. You can also choose whether to upload the excluded files to the CrowdStrike Cloud or not2.
Question 11
What is an advantage of using the IP Search tool?
Options:
A.
IP searches provide manufacture and timezone data that can not be accessed anywhere else
B.
IP searches allow for multiple comma separated IPv6 addresses as input
C.
IP searches offer shortcuts to launch response actions and network containment on target hosts
D.
IP searches provide host, process, and organizational unit data without the need to write a query
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the IP Search tool allows you to search for an IP address and view a summary of information from Falcon events that contain that IP address1. The summary includes the hostname, sensor ID, OS, country, city, ISP, ASN, geolocation, process name, command line, and organizational unit of the host that communicated with that IP address1. This is an advantage of using the IP Search tool because it provides host, process, and organizational unit data without the need to write a query1.
Ayra
How these dumps are necessary for passing the certification exam?
DamianMar 10, 2026
They give you a competitive edge and help you prepare better.
Nell
Are these dumps reliable?
ErnieMar 9, 2026
Yes, very much so. Cramkey Dumps are created by experienced and certified professionals who have gone through the exams themselves. They understand the importance of providing accurate and relevant information to help you succeed.
Elise
I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?
CianMar 19, 2026
Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.
Faye
Yayyyy. I passed my exam. I think all students give these dumps a try.
EmmelineMar 4, 2026
Definitely! I have no doubt new students will find them to be just as helpful as I did.