
[UPDATED 2023] CCFA-200 dumps Free Test Engine Verified By Certified Experts
Realistic CCFA-200 Accurate & Verified Answers As Experienced in the Actual Test!
CrowdStrike CCFA-200 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
NEW QUESTION 24
Why would you assign hosts to a static group instead of a dynamic group?
- A. You want the group to contain hosts from multiple operating systems
- B. You are managing more than 1000 hosts
- C. You do not want the group membership to change automatically
- D. You need hosts to be automatically assigned to a group
Answer: C
NEW QUESTION 25
To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?
- A. Using IOC management, import the list of hashes and IP addresses and set the action to No Action
- B. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block
- C. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead
- D. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only
Answer: B
NEW QUESTION 26
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?
- A. The API client secret cannot be retrieved after it has been created
- B. The API client secret can be viewed from the Edit API client pop-up box
- C. Enable the Client Secret column to reveal the API client secret
- D. Re-create the API client using the exact name to see the API client secret
Answer: C
NEW QUESTION 27
When creating new IOCs in IOC management, which of the following fields must be configured?
- A. Hash, Platform and Action
- B. Hash, Action and Expiry Date
- C. Filename, Severity and Expiry Date
- D. Hash, Description, Filename
Answer: A
NEW QUESTION 28
On a Windows host, what is the best command to determine if the sensor is currently running?
- A. ping falcon.crowdstrike.com
- B. sc query csagent
- C. netstat -a
- D. This cannot be accomplished with a command
Answer: B
NEW QUESTION 29
Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?
- A. Machine Learning Prevention Monitoring
- B. Sensor Report
- C. Falcon UI Audit Trail
- D. Machine Learning Debug
Answer: A
NEW QUESTION 30
Which of the following can a Falcon Administrator edit in an existing user's profile?
- A. First or Last name
- B. Email address
- C. Working groups
- D. Phone number
Answer: C
NEW QUESTION 31
Which of the following is NOT an available filter on the Hosts Management page?
- A. Group
- B. Username
- C. OS Version
- D. Hostname
Answer: C
NEW QUESTION 32
What impact does disabling detections on a host have on an API?
- A. Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed
- B. Endpoints with detections disabled will not alert on anything until detections are enabled again
- C. DetectionSummaryEvent stops sending to the Streaming API for that host
- D. Endpoints cannot have their detections disabled individually
Answer: A
NEW QUESTION 33
When creating an API client, which of the following must be saved immediately since it cannot be viewed again after the client is created?
- A. Base URL
- B. Client ID
- C. Client name
- D. Secret
Answer: D
NEW QUESTION 34
You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message. What is the best way to update the workflow?
- A. Clone the workflow and replace the existing email with your CISO's email
- B. Add the CISO's email to the existing action
- C. Add a sequential action to send a custom email to your CISO
- D. Add a parallel action to send a custom email to your CISO
Answer: C
NEW QUESTION 35
How can a Falcon Administrator configure a pop-up message to be displayed on a host when the Falcon sensor blocks, kills or quarantines an activity?
- A. By turning on the "Notify End Users" setting at the top of the Prevention policy details configuration page
- B. By ensuring each user has set the "pop-ups allowed" in their User Profile configuration page
- C. By enabling "Upload quarantined files" in the General Settings configuration page
- D. By selecting "Enable pop-up messages" from the User configuration page
Answer: A
NEW QUESTION 36
Where can you modify settings to permit certain traffic during a containment period?
- A. Firewall Settings
- B. Prevention Policy
- C. Containment Policy
- D. Host Settings
Answer: C
NEW QUESTION 37
Which option allows you to exclude behavioral detections from the detections page?
- A. Machine Learning Exclusion
- B. IOC Exclusion
- C. IOA Exclusion
- D. Sensor Visibility Exclusion
Answer: A
NEW QUESTION 38
The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?
- A. Some network configurations, such as deep packet inspection, interfere with certificate validation
- B. SSL inspection should be configured to occur on all Falcon traffic
- C. HTTPS interception should be enabled to proceed with certificate validation
- D. Common sources of interference with certificate pinning include protocol race conditions and resource contention
Answer: A
NEW QUESTION 39
Why is it important to know your company's event data retention limits in the Falcon platform?
- A. You will not be able to search event data into the past beyond your retention period
- B. This is not necessary; you simply select "All Time" in your query to search all data
- C. Data such as process records are kept for a shorter time than event data
- D. Your query will require you to specify the data pool associated with the date you wish to search
Answer: A
NEW QUESTION 40
While a host is Network contained, you need to allow the host to access internal network resources on specific IP addresses to perform patching and remediation. Which configuration would you choose?
- A. Configure a Real Time Response policy allowlist with the specific IP addresses
- B. Configure the Host firewall to allowlist the specific IP addresses
- C. Configure a Containment Policy with the entire internal IP CIDR block
- D. Configure a Containment Policy with the specific IP addresses
Answer: B
NEW QUESTION 41
What is the name for the unique host identifier in Falcon assigned to each sensor during sensor installation?
- A. Endpoint ID (EID)
- B. Security ID (SID)
- C. Agent ID (AID)
- D. Computer ID (CID)
Answer: C
NEW QUESTION 42
Which role will allow someone to manage quarantine files?
- A. Endpoint Manager
- B. Detections Exceptions Manager
- C. Falcon Security Lead
- D. Falcon Analyst - Read Only
Answer: B
NEW QUESTION 43
What command should be run to verify if a Windows sensor is running?
- A. ps -ef | grep falcon
- B. sc query csagent
- C. regedit myfile.reg
- D. netstat -f
Answer: B
NEW QUESTION 44
What is the primary purpose of using glob syntax in an exclusion?
- A. To specify exclusion patterns to easily add files and folders and extensions to be prevented
- B. To specify a Domain be excluded from detections
- C. To specify exclusion patterns to easily exclude files and folders and extensions from detections
- D. To specify a network share be excluded from detections
Answer: C
NEW QUESTION 45
The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon?
- A. Policy alignment is configured in the General Settings section under the Configuration menu
- B. Policy alignment is configured only once during the initial creation of the policy in the "Create New Policy" pop-up window
- C. Policy alignment is configured in the "Host Management" section in the Hosts application
- D. Policy alignment is configured in each policy in the "Assigned Host Groups" tab
Answer: D
NEW QUESTION 46
You have created a Sensor Update Policy for the Mac platform. Which other operating system(s) will this policy manage?
- A. Windows
- B. Both Windows and *nix
- C. Only Mac
- D. *nix
Answer: B
NEW QUESTION 47
How long are detection events kept in Falcon?
- A. Detection events are kept for 90 days
- B. Detections events are kept for your subscribed data retention period
- C. Detection events are kept for 30 days
- D. Detection events are kept for 7 days
Answer: B
NEW QUESTION 48
......
Latest CrowdStrike CCFA-200 Practice Test Questions: https://www.test4sure.com/CCFA-200-pass4sure-vce.html
Apr-2023 Pass CrowdStrike CCFA-200 Exam in First Attempt Easily: https://drive.google.com/open?id=13zJXEkVjCu26SPYDRBUl8kXXAvPPiknP