CCFA-200 CrowdStrike Certified Falcon Administrator Exam Questions

test2022-11-22T07:12:05+00:00

By test CCFA-200 CrowdStrike Certified Falcon Administrator Exam Questions, CCFA-200 dumps, CCFA-200 practice exam 0 Comments

CrowdStrike Certified Falcon Administrator CCFA-200 exam questions are newly released, which are the best guide for your preparation. CCFA-200 exam evaluates a candidate’s knowledge, skills and abilities to manage various components of the CrowdStrike Falcon platform daily, including sensor installation. You can study well by CrowdStrike CCFA-200 exam questions, it can ensure you pass your CCFA-200 exam successfully and achieve your CCFA Certification.

Try free CCFA-200 practice exam.

Page 1 of 3

1. To enhance your security, you want to detect and block based on a list of domains and IP addresses.

How can you use IOC management to help this objective?

Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead

Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only

Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

Using IOC management, import the list of hashes and IP addresses and set the action to No Action

2. Why is it important to know your company's event data retention limits in the Falcon platform?

This is not necessary; you simply select "All Time" in your query to search all data

You will not be able to search event data into the past beyond your retention period

Data such as process records are kept for a shorter time than event data

Your query will require you to specify the data pool associated with the date you wish to search

3. Which of the following is NOT a way to determine the sensor version installed on a specific endpoint?

Use the Sensor Report to filter to the specific endpoint

Use Host Management to select the desired endpoint. The agent version will be listed in the columns and details

From a command line, run the sc query csagent -version command

Use the Investigate > Host Search to filter to the specific endpoint

4. 1.An analyst has reported they are not receiving workflow triggered notifications in the past few days.

Where should you first check for potential failures?

Custom Alert History

Workflow Execution log

Workflow Audit log

Falcon UI Audit Trail

5. Under which scenario can Sensor Tags be assigned?

While triaging a detection

While managing hosts in the Falcon console

While updating a sensor in the Falcon console

While installing a sensor

6. Which of the following is TRUE of the Logon Activities Report?

Shows a graphical view of user logon activity and the hosts the user connected to

The report can be filtered by computer name

It gives a detailed list of all logon activity for users

It only gives a summary of the last logon activity for users

7. Which of the following applies to Custom Blocking Prevention Policy settings?

Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy

Blocklisting applies to hashes, IP addresses, and domains

Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary

You can only blocklist hashes via the API

8. What is the primary purpose of using glob syntax in an exclusion?

To specify a Domain be excluded from detections

To specify exclusion patterns to easily exclude files and folders and extensions from detections

To specify exclusion patterns to easily add files and folders and extensions to be prevented

To specify a network share be excluded from detections

9. An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

File exclusions are not aligned to groups or hosts

There is a limit of three groups of hosts applied to any exclusion

There is no limit and exclusions can be applied to any or all groups

Each exclusion can be aligned to only one group of hosts

10. What command should be run to verify if a Windows sensor is running?

regedit myfile.reg

sc query csagent

netstat -f

ps -ef | grep falcon

Page 2 of 3

11. What are custom alerts based on?

Custom workflows

Custom event based triggers

Predefined alert templates

User defined Splunk queries

12. What must an admin do to reset a user's password?

From User Management, open the account details for the affected user and select "Generate New Password"

From User Management, select "Reset Password" from the three dot menu for the affected user account

From User Management, select "Update Account" and manually create a new password for the affected user account

From User Management, the administrator must rebuild the account as the certificate for user specific private/public key generation is no longer valid

13. Which is the correct order for manually installing a Falcon Package on a macOS system?

Install the Falcon package, then register the Falcon Sensor via the registration package

Install the Falcon package, then register the Falcon Sensor via command line

14. Under the "Next-Gen Antivirus: Cloud Machine Learning" setting there are two categories, one of them is "Cloud Anti-Malware" and the other is:

Adware & PUP

Advanced Machine Learning

Sensor Anti-Malware

Execution Blocking

15. How do you assign a policy to a specific group of hosts?

Create a group containing the desired hosts using "Static Assignment." Go to the Assigned Host Groups tab of the desired policy and dick "Add groups to policy." Select the desired Group(s).

Assign a tag to the desired hosts in Host Management. Create a group with an assignment rule based on that tag. Go to the Assignment tab of the desired policy and click "Add Groups to Policy." Select the desired Group(s).

Create a group containing the desired hosts using "Dynamic Assignment." Go to the Assigned Host Groups tab of the desired policy and select criteria such as OU, OS, Hostname pattern, etc.

On the Assignment tab of the desired policy, select "Static" assignment. From the next window, select the desired hosts (using fitters if needed) and click Add.

16. Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?

Sensor Report

Machine Learning Prevention Monitoring

Falcon UI Audit Trail

Machine Learning Debug

17. Where in the Falcon console can information about supported operating system versions be found?

Configuration module

Intelligence module

Support module

Discover module

18. In order to exercise manual control over the sensor upgrade process, as well as prevent unauthorized users from uninstalling or upgrading the sensor, which settings in the Sensor Update Policy would meet this criteria?

Sensor version set to N-1 and Bulk maintenance mode is turned on

Sensor version fixed and Uninstall and maintenance protection turned on

Sensor version updates off and Uninstall and maintenance protection turned off

Sensor version set to N-2 and Bulk maintenance mode is turned on

19. Which is a filter within the Host setup and management > Host management page?

User name

BIOS Version

Locality

20. Which of the following is a valid step when troubleshooting sensor installation failure?

Confirm all required services are running on the system

Enable the Windows firewall

Disable SSL and TLS on the host

Delete any available application crash log files

Page 3 of 3

21. Where do you obtain the Windows sensor installer for CrowdStrike Falcon?

Sensors are downloaded from the Hosts > Sensor Downloads

Sensor installers are unique to each customer and must be obtained from support

Sensor installers are downloaded from the Support section of the CrowdStrike website

Sensor installers are not used because sensors are deployed from within Falcon

22. When the Notify End Users policy setting is turned on, which of the following is TRUE?

End users will not be notified as we would not want to notify a malicious actor of a detection. This setting does not exist

End users will be immediately notified via a pop-up that their machine is in-network isolation

End-users receive a pop-up notification when a prevention action occurs

End users will receive a pop-up allowing them to confirm or refuse a pending quarantine

23. Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?

Next-Gen Antivirus (NGAV) protection

Adware and Potentially Unwanted Program detection and prevention

Real-time offline protection

Identification and analysis of unknown executables

24. Which exclusion pattern will prevent detections on a file at C:Program FilesMy ProgramMy Filesprogram.exe?

Program FilesMy ProgramMy Files*

Program FilesMy Program*

*Program FilesMy Program*