CCFA > USER MANAGEMENT > Flashcards

USER MANAGEMENT Flashcards

(12 cards)

Study These Flashcards
1
Q

Describe capabilities of RTR Read Only Analyst role?

A

-RTR Read Only Analyst - Can run a core set of read-only response commands to perform reconnaissance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How to create a new user

A

Falcon Menu> Host setup and Management> Falcon Users > User Management > Input domain email/ First name/ Last Name/ Role

**To add users, you must have an administrative role for your Falcon subscription (Falcon Administrator or Falcon Intel Admin).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How to delete a user

A

Click on Falcon > Falcon Users > User Management > Additional Actions > Delete user

**Must have an administrative role for your Falcon subscription (Falcon Administrator or Falcon Intel Admin).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How to edit a user

A

Falcon Menu> Host setup and Management> Falcon Users > User Management

  • Edit User name – make changes to the user’s first and last
    name – a user’s email address can NOT be modified
  • Click > Additional Actions to Reset 2 factor authentication,
    reset passwords, or delete user
  • Click > Assign Roles to assign one or more new roles to the
    user, or remove a role
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What does RTR do?

A

Real Time Response: Runs commands on Windows, Mac, Linux host directly from Falcon Console and can remotely connect to host from any location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What capabilities does RTR provide Windows hosts?

A
  • Retrieve memory dumps
  • Query, create or modify registry keys
  • Collect diagnostic logs and stateful information about a
    host
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are some of the remediation tasks that RTR can perform?

A

RTR can perform many common response and remediation tasks:
- List running processes and kill processes
- Show network connections
- Navigate the file system, get or delete files, and perform many
file system operations
- Upload files
- Remotely restart or shut down a host
- Manage and run your own custom scripts or executables

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Describe the capabilities of RTR Active Responder role?

A

RTR Active Responder - Can run all of the commands RTR Read Only Analyst can and more, including the ability to: extract files using the get command, run commands that modify the state of the remote host, and run certain custom scripts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Describe the capabilities of RTR Administrator role?

A

RTR Administrator - Can do everything RTR Active Responder can do, plus create custom scripts, upload files to hosts using the put command, and directly run executables using the run command

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What determines a user’s permissions in the falcon console?

A

users role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How to manage user roles?

A

falcon menu> Host setup and management> Falcon users> User management>locate the user you want to manage>select 3 dots>view user details>assign roles>select roles as necessary> assign

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

To get falcon setup, what must be created?

A

Falcon admins

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
CCFA
flashcards
Decks in class (19)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions