CCFA-200 Practice Exams and Training Solutions for Certifications [Q49-Q67]



Earning the CrowdStrike CCFA-200 certification demonstrates a professional's proficiency in managing and maintaining CrowdStrike Falcon, a critical skill in the cybersecurity industry. The certification validates a candidate's knowledge and expertise in configuring and managing Falcon, investigating and responding to security incidents, and using the platform to protect organizations from cyber threats. As the threat landscape continues to evolve, the CrowdStrike CCFA-200 certification is an essential credential for professionals looking to advance their careers in cybersecurity.


NEW QUESTION # 49
Which role will allow someone to manage quarantine files?

  • A. Falcon Analyst - Read Only
  • B. Detections Exceptions Manager
  • C. Endpoint Manager
  • D. Falcon Security Lead

Answer: B


NEW QUESTION # 50
Which of the following roles allows a Falcon user to create Real Time Response Custom Scripts?

  • A. Real Time Responder - Read Only Analyst
  • B. Real Time Responder - Active Responder
  • C. Real Time Responder - Script Developer
  • D. Real Time Responder - Administrator

Answer: C


NEW QUESTION # 51
The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon?

  • A. Policy alignment is configured in the General Settings section under the Configuration menu
  • B. Policy alignment is configured in each policy in the "Assigned Host Groups" tab
  • C. Policy alignment is configured only once during the initial creation of the policy in the "Create New Policy" pop-up window
  • D. Policy alignment is configured in the "Host Management" section in the Hosts application

Answer: B


NEW QUESTION # 52
You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they are not allowed to run in your environment. You have chosen to use Falcon to do this. Which is the best way to accomplish this?

  • A. Using the Support Portal, create a support ticket and include the list of binary hashes, asking support to create an "Execution Prevention" rule to prevent these processes from running
  • B. Using IOC Management, gather the list of SHA256 or MD5 hashes for each binary and then upload them. Set all hashes to "Block" and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking.
  • C. Using the API, gather the list of SHA256 or MD5 hashes for each binary and then upload them, setting them all to "Never Allow"
  • D. Using Custom Alerts in the Investigate App, create a new alert using the template "Process Execution" and within that rule, select the option to "Block Execution"

Answer: B


NEW QUESTION # 53
What impact does disabling detections on a host have on an API?

  • A. Endpoints cannot have their detections disabled individually
  • B. Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed
  • C. DetectionSummaryEvent stops sending to the Streaming API for that host
  • D. Endpoints with detections disabled will not alert on anything until detections are enabled again

Answer: B


NEW QUESTION # 54
What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform?

  • A. Event trigger(s)
  • B. Predefined workflow template(s)
  • C. Trigger, condition(s) and action(s)
  • D. For - While statement(s)

Answer: C


NEW QUESTION # 55
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?

  • A. Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
  • B. Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"
  • C. Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"
  • D. Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

Answer: D


NEW QUESTION # 56
To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

  • A. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only
  • B. Using IOC management, import the list of hashes and IP addresses and set the action to No Action
  • C. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead
  • D. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

Answer: D


NEW QUESTION # 57
Which of the following is a valid step when troubleshooting sensor installation failure?

  • A. Disable SSL and TLS on the host
  • B. Delete any available application crash log files
  • C. Enable the Windows firewall
  • D. Confirm all required services are running on the system

Answer: D


NEW QUESTION # 58
When creating new IOCs in IOC management, which of the following fields must be configured?

  • A. Filename, Severity and Expiry Date
  • B. Hash, Description, Filename
  • C. Hash, Action and Expiry Date
  • D. Hash, Platform and Action

Answer: D


NEW QUESTION # 59
You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded. In the Sensor Update policy, which is the best Sensor version option to achieve these requirements?

  • A. Auto - TEST-QA
  • B. Specific sensor version number
  • C. Sensor version updates off
  • D. Auto - N-1

Answer: B


NEW QUESTION # 60
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?

  • A. The API client secret can be viewed from the Edit API client pop-up box
  • B. Re-create the API client using the exact name to see the API client secret
  • C. The API client secret cannot be retrieved after it has been created
  • D. Enable the Client Secret column to reveal the API client secret

Answer: D


NEW QUESTION # 61
How do you find a list of inactive sensors?

  • A. Run the Inactive Sensor Report in the Host setup and management option
  • B. A sensor is always considered active until removed by an Administrator
  • C. Run the Sensor Aging Report within the Investigate option
  • D. The Falcon platform does not provide reporting for inactive sensors

Answer: A


NEW QUESTION # 62
Which of the following is TRUE regarding Falcon Next-Gen AntiVirus (NGAV)?

  • A. Falcon NGAV relies on signature-based detections
  • B. The Detection sliders cannot be set to a value less aggressive than the Prevention sliders
  • C. Activating Falcon NGAV will also enable all detection and prevention settings in the entire policy
  • D. Falcon NGAV is not a replacement for Windows Defender or other antivirus programs

Answer: D


NEW QUESTION # 63
What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?

  • A. To prioritize the order in which Falcon updates are installed, so that updates are not installed all at once leading to network congestion
  • B. To allow the controlled assignment of sensor versions onto specific hosts
  • C. To group hosts with others in the same business unit
  • D. To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time

Answer: B


NEW QUESTION # 64
With Custom Alerts, it is possible to __________.

  • A. configure prevention actions for alerting
  • B. schedule the alert to run at any interval
  • C. be alerted to activity in real-time
  • D. receive an alert in an email

Answer: B


NEW QUESTION # 65
If a user wanted to install an older version of the Falcon sensor, how would they find the older installer file?

  • A. Older versions of the sensor are not available for download
  • B. By installing the current sensor and clicking the "downgrade" button during the install
  • C. By clicking on "Older versions" links under the Host setup and management > Deploy > Sensor downloads
  • D. By emailing CrowdStrike support at [email protected]

Answer: C


NEW QUESTION # 66
Why is it important to know your company's event data retention limits in the Falcon platform?

  • A. This is not necessary; you simply select "All Time" in your query to search all data
  • B. You will not be able to search event data into the past beyond your retention period
  • C. Data such as process records are kept for a shorter time than event data
  • D. Your query will require you to specify the data pool associated with the date you wish to search

Answer: B

