Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors

CCFA-200 CrowdStrike Certified Falcon Administrator Questions and Answers

Questions 4

Which of the following is NOT an available filter on the Hosts Management page?

Options:

A.

Hostname

B.

Username

C.

Group

D.

OS Version

Buy Now
Questions 5

Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fullfil this requirement?

Options:

A.

Remediation Manager

B.

Real Time Responder – Read Only Analyst

C.

Falcon Analyst – Read Only

D.

Real Time Responder – Active Responder

Buy Now
Questions 6

What must an admin do to reset a user's password?

Options:

A.

From User Management, open the account details for the affected user and select "Generate New Password"

B.

From User Management, select "Reset Password" from the three dot menu for the affected user account

C.

From User Management, select "Update Account" and manually create a new password for the affected user account

D.

From User Management, the administrator must rebuild the account as the certificate for user specific private/public key generation is no longer valid

Buy Now
Questions 7

Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?

Options:

A.

Sensor Report

B.

Machine Learning Prevention Monitoring

C.

Falcon UI Audit Trail

D.

Machine Learning Debug

Buy Now
Questions 8

What is the purpose of the Default Sensor Policy?

Options:

A.

A mechanism to deploy the oldest supported version of the Falcon Sensor.

B.

Tests the sensor configuration settings before deployment.

C.

Used to reset all sensor settings to Default.

D.

Acts as a "catch all" policy if no other Sensor Policies are applied.

Buy Now
Questions 9

A sensor that has not contacted the Falcon cloud will be automatically deleted from the hosts list after how many days?

Options:

A.

45 Days

B.

60 Days

C.

30 Days

D.

90 Days

Buy Now
Questions 10

When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?

Options:

A.

Maintenance token

B.

Customer ID (CID)

C.

Bulk update key

D.

Agent ID (AID)

Buy Now
Questions 11

Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

Options:

A.

.*badguydomain.com.*

B.

\Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill

C.

badguydomain\.com.*

D.

Custom IOA rules cannot be created for domains

Buy Now
Questions 12

What best describes what happens to detections in the console after clicking "Disable Detections" for a host from within the Host Management page?

Options:

A.

The detections for the host are removed from the console immediately and no new detections will display in the console going forward

B.

You cannot disable detections for a host

C.

Existing detections for the host remain, but no new detections will display in the console going forward

D.

Preventions will be disabled for the host

Buy Now
Questions 13

You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they are not allowed to run in your environment. You have chosen to use Falcon to do this. Which is the best way to accomplish this?

Options:

A.

Using the Support Portal, create a support ticket and include the list of binary hashes, asking support to create an "Execution Prevention" rule to prevent these processes from running

B.

Using Custom Alerts in the Investigate App, create a new alert using the template "Process Execution" and within that rule, select the option to "Block Execution"

C.

Using IOC Management, gather the list of SHA256 or MD5 hashes for each binary and then upload them. Set all hashes to "Block" and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking.

D.

Using the API, gather the list of SHA256 or MD5 hashes for each binary and then upload them, setting them all to "Never Allow"

Buy Now
Questions 14

Which is a filter within the Host setup and management > Host management page?

Options:

A.

User name

B.

OU

C.

BIOS Version

D.

Locality

Buy Now
Questions 15

Which Real Time Response role will allow you to see all analyst session details?

Options:

A.

Real Time Response - Read-Only Analyst

B.

None of the Real Time Response roles allows this

C.

Real Time Response -Active Responder

D.

Real Time Response -Administrator

Buy Now
Questions 16

An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

Options:

A.

File exclusions are not aligned to groups or hosts

B.

There is a limit of three groups of hosts applied to any exclusion

C.

There is no limit and exclusions can be applied to any or all groups

D.

Each exclusion can be aligned to only one group of hosts

Buy Now
Questions 17

Once an exclusion is saved, what can be edited in the future?

Options:

A.

All parts of the exclusion can be changed

B.

Only the selected groups and hosts to which the exclusion is applied can be changed

C.

Only the options to "Detect/Block" and/or "File Extraction" can be changed

D.

The exclusion pattern cannot be changed

Buy Now
Questions 18

To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

Options:

A.

Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead

B.

Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only

C.

Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

D.

Using IOC management, import the list of hashes and IP addresses and set the action to No Action

Buy Now
Questions 19

Which of the following best describes what the Uninstall and Maintenance Protection setting controls within your Sensor Update Policy?

Options:

A.

Prevents automatic updates of the sensor

B.

Prevents the sensor from entering Reduced Functionality Mode

C.

Prevents modification of sensor update policy

D.

Prevents unauthorized uninstallation of the sensor

Buy Now
Questions 20

In order to exercise manual control over the sensor upgrade process, as well as prevent unauthorized users from uninstalling or upgrading the sensor, which settings in the Sensor Update Policy would meet this criteria?

Options:

A.

Sensor version set to N-1 and Bulk maintenance mode is turned on

B.

Sensor version fixed and Uninstall and maintenance protection turned on

C.

Sensor version updates off and Uninstall and maintenance protection turned off

D.

Sensor version set to N-2 and Bulk maintenance mode is turned on

Buy Now
Questions 21

What is the maximum number of patterns that can be added when creating a new exclusion?

Options:

A.

10

B.

0

C.

1

D.

5

Buy Now
Questions 22

When a Linux host is in Reduced Functionality Mode (RFM) what telemetry and protection is still offered?

Options:

A.

The sensor would provide protection as normal, without event telemetry

B.

The sensor would provide minimal protection

C.

The sensor would function as normal

D.

The sensor provides no protection, and only collects Sensor Heart Beat events

Buy Now
Questions 23

How does the Unique Hosts Connecting to Countries Map help an administrator?

Options:

A.

It highlights countries with known malware

B.

It helps visualize global network communication

C.

It identifies connections containing threats

D.

It displays intrusions from foreign countries

Buy Now
Questions 24

You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?

Options:

A.

Script-based Execution Monitoring

B.

Interpreter-Only

C.

Additional User Mode Data

D.

Engine (Full Visibility)

Buy Now
Questions 25

You have created a Sensor Update Policy for the Mac platform. Which other operating system(s) will this policy manage?

Options:

A.

*nix

B.

Windows

C.

Both Windows and *nix

D.

Only Mac

Buy Now
Questions 26

How do you assign a policy to a specific group of hosts?

Options:

A.

Create a group containing the desired hosts using "Static Assignment." Go to the Assigned Host Groups tab of the desired policy and dick "Add groups to policy." Select the desired Group(s).

B.

Assign a tag to the desired hosts in Host Management. Create a group with an assignment rule based on that tag. Go to the Assignment tab of the desired policy and click "Add Groups to Policy." Select the desired Group(s).

C.

Create a group containing the desired hosts using "Dynamic Assignment." Go to the Assigned Host Groups tab of the desired policy and select criteria such as OU, OS, Hostname pattern, etc.

D.

On the Assignment tab of the desired policy, select "Static" assignment. From the next window, select the desired hosts (using fitters if needed) and click Add.

Buy Now
Questions 27

After agent installation, an agent opens a permanent___connection over port 443 and keeps that connection open until the endpoint is turned off or the network connection is terminated.

Options:

A.

SSH

B.

TLS

C.

HTTP

D.

TCP

Buy Now
Questions 28

What may prevent a user from logging into Falcon via single sign-on (SSO)?

Options:

A.

The SSO username doesn't match their email address in Falcon

B.

The maintenance token has expired

C.

Falcon is in reduced functionality mode

D.

The user never configured their security questions

Buy Now
Questions 29

Why do Sensor Update policies need to be configured for each OS (Windows, Mac, Linux)?

Options:

A.

To bundle the Sensor and Prevention policies together into a deployment package

B.

Sensor Update policies are OS dependent

C.

To assist with auditing and change management

D.

This is false. One policy can be applied to all Operating Systems

Buy Now
Questions 30

Which of the following prevention policy settings monitors contents of scripts and shells for execution of malicious content on compatible operating systems?

Options:

A.

Script-based Execution Monitoring

B.

FileSystem Visibility

C.

Engine (Full Visibility)

D.

Suspicious Scripts and Commands

Buy Now
Questions 31

Which statement describes what is recommended for the Default Sensor Update policy?

Options:

A.

The Default Sensor Update policy should align to an organization's overall sensor updating practice while leveraging Auto N-1 and Auto N-2 configurations where possible

B.

The Default Sensor Update should be configured to always automatically upgrade to the latest sensor version

C.

Since the Default Sensor Update policy is pre-configured with recommend settings out of the box, configuration of the Default Sensor Update policy is not required

D.

No configuration is required. Once a Custom Sensor Update policy is created the Default Sensor Update policy is disabled

Buy Now
Questions 32

How are user permissions set in Falcon?

Options:

A.

Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions

B.

Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments

C.

An administrator selects individual granular permissions from the Falcon Permissions List during user creation

D.

Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions

Buy Now
Questions 33

What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?

Options:

A.

To group hosts with others in the same business unit

B.

To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time

C.

To prioritize the order in which Falcon updates are installed, so that updates are not installed all at once leading to network congestion

D.

To allow the controlled assignment of sensor versions onto specific hosts

Buy Now
Questions 34

Where can you modify settings to permit certain traffic during a containment period?

Options:

A.

Prevention Policy

B.

Host Settings

C.

Containment Policy

D.

Firewall Settings

Buy Now
Questions 35

What information does the API Audit Trail Report provide?

Options:

A.

A list of analyst login activity

B.

A list of specific changes to prevention policy

C.

A list of actions taken via Falcon OAuth2-based APIs

D.

A list of newly added hosts

Buy Now
Questions 36

Which of the following is TRUE of the Logon Activities Report?

Options:

A.

Shows a graphical view of user logon activity and the hosts the user connected to

B.

The report can be filtered by computer name

C.

It gives a detailed list of all logon activity for users

D.

It only gives a summary of the last logon activity for users

Buy Now
Questions 37

Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?

Options:

A.

Real Time Responder

B.

Endpoint Manager

C.

Falcon Investigator

D.

Remediation Manager

Buy Now
Questions 38

Which of the following controls the speed in which your sensors will receive automatic sensor updates?

Options:

A.

Maintenance Tokens

B.

Sensor Update Policy

C.

Sensor Update Throttling

D.

Channel File Update Throttling

Buy Now
Questions 39

Which statement is TRUE regarding disabling detections on a host?

Options:

A.

Hosts with detections disabled will not alert on blocklisted hashes or machine learning detections, but will still alert on lOA-based detections. It will remain that way until detections are enabled again

B.

Hosts with detections disabled will not alert on anything until detections are enabled again

C.

Hosts with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed

D.

Hosts cannot have their detections disabled individually

Buy Now
Questions 40

Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?

Options:

A.

Next-Gen Antivirus (NGAV) protection

B.

Adware and Potentially Unwanted Program detection and prevention

C.

Real-time offline protection

D.

Identification and analysis of unknown executables

Buy Now
Questions 41

Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?

Options:

A.

Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

B.

Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"

C.

Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

D.

Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"

Buy Now
Questions 42

Where in the console can you find a list of all hosts in your environment that are in Reduced Functionality Mode (RFM)?

Options:

A.

Host Dashboard

B.

Host Management > Filter for RFM

C.

Inactive Sensor Report

D.

Containment Policy

Buy Now
Questions 43

Which of the following is TRUE regarding disabling detections for a host?

Options:

A.

After disabling detections, the host will operate in Reduced Functionality Mode (RFM) until detections are enabled

B.

After disabling detections, the data for all existing detections prior to disabling detections is removed from the Event Search

C.

The DetectionSummaryEvent continues being sent to the Streaming API for that host

D.

The detections for that host are removed from the console immediately. No new detections will display in the console going forward unless detections are enabled

Buy Now
Questions 44

What is the name for the unique host identifier in Falcon assigned to each sensor during sensor installation?

Options:

A.

Endpoint ID (EID)

B.

Agent ID (AID)

C.

Security ID (SID)

D.

Computer ID (CID)

Buy Now
Questions 45

Why is the ability to disable detections helpful?

Options:

A.

It gives users the ability to set up hosts to test detections and later remove them from the console

B.

It gives users the ability to uninstall the sensor from a host

C.

It gives users the ability to allowlist a false positive detection

D.

It gives users the ability to remove all data from hosts that have been uninstalled

Buy Now
Exam Code: CCFA-200
Exam Name: CrowdStrike Certified Falcon Administrator
Last Update: Nov 20, 2024
Questions: 153

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now CCFA-200 testing engine

PDF (Q&A)

$31.5  $104.99
buy now CCFA-200 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Nov 2024