CrowdStrike Certified Falcon Administrator
Last Update: May 6, 2024
Total Questions: 153
We are offering free CCFA-200 CrowdStrike exam questions. All you need to do is sign up and give your details. Prepare with the free CCFA-200 exam questions, then move on to the complete pool of CrowdStrike Certified Falcon Administrator test questions, which will help you further.
The Falcon Administrator has created a new prevention policy to apply to the "Servers" group; however, when applying the new prevention policy this group is not appearing in the list of available groups. What is the most likely issue?
You need to export a list of all deletions for a specific Host Name in the last 24 hours. What is the best way to do this?
Which of the following applies to Custom Blocking Prevention Policy settings?
What best describes what happens to detections in the console after clicking "Disable Detections" for a host from within the Host Management page?
After Network Containing a host, your Incident Response team states they are unable to remotely connect to the host. Which of the following would need to be configured to allow remote connections from specified IPs?
Where can you modify settings to permit certain traffic during a containment period?
When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?
When creating a custom IOA for a specific domain, which syntax would be best for detecting or preventing on all subdomains as well?
A Falcon Administrator is trying to use Real-Time Response to start a session with a host that has a sensor installed but they are unable to connect. What is the most likely cause?
The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon?
An analyst has reported they are not receiving workflow triggered notifications in the past few days. Where should you first check for potential failures?
What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform?
When a host belongs to more than one host group, how is sensor update precedence determined?
What is the maximum number of patterns that can be added when creating a new exclusion?
To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?
Why is it critical to have separate sensor update policies for Windows/Mac/*nix?
Which of the following controls the speed at which your sensors will receive automatic sensor updates?
Where in the Falcon console can information about supported operating system versions be found?
Which Real Time Response role will allow you to see all analyst session details?
Which of the following is NOT an available filter on the Hosts Management page?
Why do Sensor Update policies need to be configured for each OS (Windows, Mac, Linux)?
Which of the following scenarios best describes when you would add IP addresses to the containment policy?
You have created a Sensor Update Policy for the Mac platform. Which other operating system(s) will this policy manage?
When a Linux host is in Reduced Functionality Mode (RFM) what telemetry and protection is still offered?
Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?
Which of the following is TRUE regarding Falcon Next-Gen AntiVirus (NGAV)?
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?
You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?
Which is a filter within the Host setup and management > Host management page?
You have been asked to troubleshoot why Script Based Execution Monitoring (SBEM) is not enabled on a Falcon host. Which report can be used to determine if this is an issue with an old prevention policy?
When the Notify End Users policy setting is turned on, which of the following is TRUE?