What is the maximum number of patterns that can be added when creating a new exclusion?
A. 10
B. 0
C. 1
D. 5
Correct Answer: C
The maximum number of patterns that can be added when creating a new exclusion is one. Each exclusion can only have one pattern, which can be a file path, a hash, a command line or a user name. The other options are either incorrect or not related to creating exclusions. Reference: CrowdStrike Falcon User Guide, page 37.
Question 72:
An inactive host that does not contact the Falcon cloud will be automatically removed from the Host Management and Trash pages after how many days?
A. 45 Days
B. 60 Days
C. 75 Days
D. 90 Days
Correct Answer: D
An inactive host that does not contact the Falcon cloud will be automatically removed from the Host Management and Trash pages after 90 days. An inactive host is a host that has not communicated with the Falcon platform for more than seven days. An inactive host will be moved from the Host Management page to the Trash page after seven days of inactivity. An inactive host will remain in the Trash page for 90 days before being permanently deleted from the Falcon platform. You can restore an inactive host from the Trash page if it becomes active again within 90 days. Reference: Falcon Administrator Learning Path | Infographic | CrowdStrike
Question 73:
How do you disable all detections for a host?
A. Create an exclusion rule and apply it to the machine or group of machines
B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)
C. You cannot disable all detections on individual hosts as it would put them at risk
D. In Host Management, select the host and then choose the option to Disable Detections
Correct Answer: D
The administrator can disable all detections for a host by selecting the host and then choosing the option to Disable Detections in the Host Management page. This will prevent the host from sending any detection events to the Falcon Cloud. The other options are either incorrect or not available. Reference: [CrowdStrike Falcon User Guide], page 32.
Question 74:
What can exclusions be applied to?
A. Individual hosts selected by the administrator
B. Either all hosts or specified groups
C. Only the default host group
D. Only the groups selected by the administrator
Correct Answer: B
Exclusions can be applied to either all hosts or specified groups. An exclusion is a rule that defines what files, folders, processes, IP addresses, or domains should be excluded from detection or prevention by the Falcon sensor. You can create and manage exclusions in the Exclusions page in the Falcon console. You can apply exclusions to either all hosts in your environment or to specific host groups that you select. You cannot apply exclusions to individual hosts selected by the administrator.
B. Manage quarantined files to release and download
C. Manage detection settings
D. Manage roles and users
Correct Answer: B
The Quarantine Manager role can manage quarantined files to release and download. This role allows users to view and search quarantined files, as well as release them from quarantine or download them for further analysis. The other roles do not have this capability. Reference: [CrowdStrike Falcon User Guide], page 19.
Question 76:
The Customer ID (CID) is important in which of the following scenarios?
A. When adding a user to the Falcon console under the Users application
B. When performing the sensor installation process
C. When setting up API keys
D. When performing a Host Search
Correct Answer: B
The Customer ID (CID) is important when performing the sensor installation process and when setting up API keys. The CID is a unique identifier for your organization that is required for authenticating your sensor installation and communication with the Falcon cloud. You need to provide your CID when installing the Falcon sensor on a host, either by using a command-line parameter or by using the falconctl tool. The CID is also required for setting up API keys, which are used for accessing the Falcon platform programmatically via the Falcon APIs. You need to provide your CID when creating an API client and key in the API Clients and Keys page in the Falcon console. Reference: Cybersecurity Resources | CrowdStrike
Question 77:
Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?
A. \Program Files\My Program\My Files\*
B. \Program Files\My Program\*
C. *\*
D. *\Program Files\My Program\*\
Correct Answer: A
The exclusion pattern that will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe is \Program Files\My Program\My Files\*. This pattern will match any file under the My Files folder, including program.exe, and exclude them from detections. The other patterns are either incorrect or too broad to prevent detections on this specific file. Reference: [CrowdStrike Falcon User Guide], page 37.
Question 78:
How are user permissions set in Falcon?
A. Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions
B. Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments
C. An administrator selects individual granular permissions from the Falcon Permissions List during user creation
D. Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions
Correct Answer: B
User permissions are set in Falcon by assigning pre-defined permissions to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments. Roles are collections of permissions that define what users can see and do in Falcon. Permissions are granular actions that allow users to access specific features or functions in Falcon. For example, a user who is assigned both the Falcon Administrator role and the Falcon Investigator role will have all the permissions from both roles. Reference: Cybersecurity Resources | CrowdStrike
Question 79:
What is the goal of a Network Containment Policy?
A. Increase the aggressiveness of the assigned prevention policy
B. Limit the impact of a compromised host on the network
C. Gain more visibility into network activities
D. Partition a network for privacy
Correct Answer: B
The goal of a Network Containment Policy is to limit the impact of a compromised host on the network. This policy allows users to isolate a host from the network, while still allowing it to communicate with the Falcon Cloud and other essential services. This can help prevent further damage or data exfiltration from a compromised host. The other options are either incorrect or not related to the policy. Reference: [CrowdStrike Falcon User Guide], page 40.
Question 80:
Where can you modify settings to permit certain traffic during a containment period?
A. Prevention Policy
B. Host Settings
C. Containment Policy
D. Firewall Settings
Correct Answer: C
The administrator can modify settings to permit certain traffic during a containment period by creating or editing a Containment Policy. This policy allows users to specify which ports, protocols and IP addresses are allowed or blocked during network containment. The other options are either incorrect or not related to network containment. Reference: [CrowdStrike Falcon User Guide], page 40.