Exam Details

  • Exam Code: CCFA-200
  • Exam Name: CrowdStrike Certified Falcon Administrator
  • Certification: CrowdStrike Falcon Certification Program
  • Vendor: CrowdStrike
  • Total Questions: 152 Q&As
  • Last Updated: Nov 20, 2024

CrowdStrike Falcon Certification Program CCFA-200 Questions & Answers

  • Question 1:

    You need to export a list of all detections for a specific Host Name in the last 24 hours. What is the best way to do this?

    A. Go to Host Management in the Host page. Select the host and use the Export Detections button

    B. Utilize the Detection Resolution Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detection Resolution History" section

    C. In the Investigate module, access the Detection Activity page. Use the filters to focus on the appropriate hostname and time, then export the results

    D. Utilize the Detection Activity Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detections by Host" section

  • Question 2:

    What should be disabled on firewalls so that the sensor's man-in-the-middle attack protection works properly?

    A. Deep packet inspection

    B. Linux Sub-System

    C. PowerShell

    D. Windows Proxy

  • Question 3:

    Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?

    A. Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

    B. Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"

    C. Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

    D. Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"

  • Question 4:

    What will happen to a host if it is not assigned a Sensor Update policy?

    A. The host will uninstall the Sensor and provide an alert to the installation team

    B. The host will automatically update to the newest sensor version and auto-update to future release

    C. The host will automatically create a custom Sensor Update policy

    D. The host will use the Default Sensor Update policy

  • Question 5:

    When creating an API client, which of the following must be saved immediately since it cannot be viewed again after the client is created?

    A. Base URL

    B. Secret

    C. Client ID

    D. Client name

  • Question 6:

    To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

    A. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead

    B. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only

    C. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

    D. Using IOC management, import the list of hashes and IP addresses and set the action to No Action

  • Question 7:

    You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded. In the Sensor Update policy, which is the best Sensor version option to achieve these requirements?

    A. Specific sensor version number

    B. Auto - TEST-QA

    C. Sensor version updates off

    D. Auto - N-1

  • Question 8:

    When troubleshooting the Falcon Sensor on Windows, what is the correct parameter to output the log directory to a specified file?

    A. LOG=log.txt

    B. \log log.txt

    C. C:\CSSensorInstall\LogFiles

    D. /log log.txt

  • Question 9:

    On which page of the Falcon console would you create sensor groups?

    A. User management

    B. Sensor update policies

    C. Host management

    D. Host groups

  • Question 10:

    What would be the most appropriate action to take if you wanted to prevent a folder from being uploaded to the cloud without disabling uploads globally?

    A. A Machine Learning exclusion

    B. A Sensor Visibility exclusion

    C. An IOA exclusion

    D. A Custom IOC entry

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CrowdStrike exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CCFA-200 exam preparation and CrowdStrike certification application, do not hesitate to visit Vcedump.com to find your solutions here.