Which of the following is NOT an available filter on the Hosts Management page?
A. Hostname
B. Username
C. Group
D. OS Version
Correct Answer: B
Username is not an available filter on the Hosts Management page. The Hosts Management page allows you to view and manage all the hosts in your environment that have Falcon sensors installed. You can filter the hosts by hostname, group, OS version, sensor version, last seen date, health events, detections, and preventions. You can also perform actions such as assigning hosts to groups, updating sensor policies, uninstalling sensors, or isolating hosts. Reference: Falcon Administrator Learning Path | Infographic | CrowdStrike
Question 32:
Which option allows you to exclude behavioral detections from the detections page?
A. Machine Learning Exclusion
B. IOA Exclusion
C. IOC Exclusion
D. Sensor Visibility Exclusion
Correct Answer: B
The IOA Exclusion option is described as: "Stop all behavioral detections and preventions for an IOA that's based on a CrowdStrike-generated detection." Source: https://falcon.crowdstrike.com/documentation/68/detection-and-prevention-policies#exclusions
Question 33:
The Logon Activities Report includes all of the following information for a particular user EXCEPT __________.
A. the account type for the user (e.g. Domain Administrator, Local User)
B. all hosts the user logged into
C. the logon type (e.g. interactive, service)
D. the last time the user's password was set
Correct Answer: B
Checked in the console: it returns only the last machine where the user logged on, so it will not return all the machines the user logged on to in the desired search.
Question 34:
Where in the Falcon console can information about supported operating system versions be found?
A. Configuration module
B. Intelligence module
C. Support module
D. Discover module
Correct Answer: C
Information about supported operating system versions can be found in the Support module in the Falcon console. This module provides access to various support resources, such as documentation, downloads, FAQs, release notes and system status. One of the documents available in this module is the CrowdStrike Sensor Compatibility List, which lists the supported operating system versions for each sensor type and platform. The other options are either incorrect or not related to finding information about supported operating system versions. Reference: CrowdStrike Falcon User Guide, page 26.
Question 35:
You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?
A. Script-based Execution Monitoring
B. Interpreter-Only
C. Additional User Mode Data
D. Engine (Full Visibility)
Correct Answer: A
Turn on the Script-Based Execution Monitoring prevention policy setting to enable the "Falcon sensor to monitor the contents of scripts and shells that are popular mechanisms for executing malicious code on hosts. This setting does not kill or block scripts." Scripting languages covered: Excel 4.0 macros, JScript, VBA macros, VBScript.
The Sensor Visibility setting that should be turned on within the Prevention policy settings to monitor suspicious VBA macros is Script-based Execution Monitoring. Script-based Execution Monitoring is a feature that enables the Falcon sensor to monitor and prevent malicious script execution on Windows systems. The feature uses machine learning and behavioral analysis to detect suspicious scripts or commands executed by various script interpreters, such as PowerShell, WScript, CScript, or Bash. VBA (Visual Basic for Applications) is a scripting language that can be embedded in Microsoft Office documents, such as Word or Excel. VBA macros can be used to automate tasks or perform actions within the documents, but they can also be abused by attackers to deliver malware or execute malicious code. Script-based Execution Monitoring can help detect and prevent such attacks by monitoring the contents of VBA macros for execution of malicious content. Reference: Falcon Administrator Learning Path | Infographic | CrowdStrike
Question 36:
Which of the following can a Falcon Administrator edit in an existing user's profile?
A. First or Last name
B. Phone number
C. Email address
D. Working groups
Correct Answer: A
Roles are never called 'working groups' in the documentation. The only other option that can be edited on an existing user is first and last name.
Question 37:
With Custom Alerts, it is possible to __________.
A. schedule the alert to run at any interval
B. receive an alert in an email
C. configure prevention actions for alerting
D. be alerted to activity in real-time
Correct Answer: B
The reporting interval is predefined and cannot be changed. You can only enable or disable the custom alert feature and add or remove recipient email addresses for the alert/detection.
When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?
A. Maintenance token
B. Customer ID (CID)
C. Bulk update key
D. Agent ID (AID)
Correct Answer: A
When uninstalling a sensor, a maintenance token is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies. This setting prevents unauthorized or accidental uninstallation of sensors by requiring a token that can be generated from the Falcon console. The other options are either incorrect or not related to uninstalling a sensor. Reference: CrowdStrike Falcon User Guide, page 29.
Question 40:
Where should you look to find the history of the successes and failures for any Falcon Fusion workflows?
A. Workflow Execution log
B. Falcon UI Audit Trail
C. Workflow Audit log
D. Custom Alert History
Correct Answer: A
The place where you can find the history of the successes and failures for any Falcon Fusion workflows is the Workflow Execution log. The Workflow Execution log in the Workflow Management option allows you to view the status and results of workflow executions triggered by detection events. You can filter the log by workflow name, status, start and end time, and detection ID. You can also view the details of each execution, including the actions performed, the output received, and any errors encountered. This log can help you troubleshoot potential failures or issues with your workflows. Reference: Falcon Administrator Learning Path | Infographic | CrowdStrike