Exam Details

  • Exam Code: CCFA-200
  • Exam Name: CrowdStrike Certified Falcon Administrator
  • Certification: CrowdStrike Falcon Certification Program
  • Vendor: CrowdStrike
  • Total Questions: 96 Q&As
  • Last Updated: Apr 29, 2024

CrowdStrike Falcon Certification Program CCFA-200 Questions & Answers

  • Question 1:

    What command should be run to verify if a Windows sensor is running?

    A. regedit myfile.reg

    B. sc query csagent

    C. netstat -f

    D. ps -ef | grep falcon
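
The check in Question 1 is normally typed at an elevated prompt on the host itself. The script below is an added example, not part of the exam page: it wraps the `sc.exe query csagent` check in a PowerShell function and cross-checks it with CIM and `Get-Service`. It assumes the sensor's kernel driver is registered as `csagent` (the name used in the question), that the user-mode service is `CSFalconService`, and that the sensor binary lives under `%ProgramFiles%\CrowdStrike`; confirm those names against your own deployment. Kernel drivers are not returned by `Get-Service`, which is why the driver is queried through `Win32_SystemDriver`.

```powershell
# Added example (not from the exam page): verify the Falcon sensor is running on Windows.
# Assumed names: kernel driver "csagent" (from the question), user-mode service
# "CSFalconService", binary under %ProgramFiles%\CrowdStrike. Run from an elevated prompt.
function Test-FalconSensor {
    [CmdletBinding()]
    param()

    # Kernel drivers are not listed by Get-Service; query them through CIM instead.
    $driver  = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='csagent'"
    $service = Get-Service -Name 'CSFalconService' -ErrorAction SilentlyContinue

    # The exam's own answer form: "STATE : 4 RUNNING" in sc.exe output means the driver is loaded.
    $scText    = (& sc.exe query csagent 2>&1) -join "`n"
    $scRunning = $scText -match 'STATE\s*:\s*4\s+RUNNING'

    # Sensor version from the service binary, useful when reconciling with Sensor Update policies.
    $exe     = Join-Path $env:ProgramFiles 'CrowdStrike\CSFalconService.exe'
    $version = if (Test-Path $exe) { (Get-Item $exe).VersionInfo.ProductVersion } else { $null }

    [pscustomobject]@{
        DriverState    = if ($driver)  { $driver.State }            else { 'NotInstalled' }
        ServiceStatus  = if ($service) { $service.Status.ToString() } else { 'NotInstalled' }
        ScQueryRunning = $scRunning
        SensorVersion  = $version
        Healthy        = ($driver  -and $driver.State   -eq 'Running') -and
                         ($service -and $service.Status -eq 'Running')
    }
}

# Linux and macOS equivalents (option D, "ps -ef | grep falcon", is a Linux-style check):
#   sudo systemctl status falcon-sensor                                # Linux
#   sudo /opt/CrowdStrike/falconctl -g --rfm-state                     # Linux, reduced-functionality state
#   sudo /Applications/Falcon.app/Contents/Resources/falconctl stats   # macOS

Test-FalconSensor | Format-List
```

`Healthy` is only true when both the driver and the user-mode service report Running; a driver that is loaded while the service is stopped (or the reverse) is exactly the partial state a plain `sc query csagent` would not reveal on its own.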

  • Question 2:

    What impact does disabling detections on a host have on an API?

    A. Endpoints with detections disabled will not alert on anything until detections are enabled again

    B. Endpoints cannot have their detections disabled individually

    C. DetectionSummaryEvent stops sending to the Streaming API for that host

    D. Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed

  • Question 3:

    What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?

    A. To group hosts with others in the same business unit

    B. To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time

    C. To prioritize the order in which Falcon updates are installed, so that updates are not installed all at once leading to network congestion

    D. To allow the controlled assignment of sensor versions onto specific hosts

  • Question 4:

    Why is the ability to disable detections helpful?

    A. It gives users the ability to set up hosts to test detections and later remove them from the console

    B. It gives users the ability to uninstall the sensor from a host

    C. It gives users the ability to allowlist a false positive detection

    D. It gives users the ability to remove all data from hosts that have been uninstalled

  • Question 5:

    Once an exclusion is saved, what can be edited in the future?

    A. All parts of the exclusion can be changed

    B. Only the selected groups and hosts to which the exclusion is applied can be changed

    C. Only the options to "Detect/Block" and/or "File Extraction" can be changed

    D. The exclusion pattern cannot be changed

  • Question 6:

    Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?

    A. \Program Files\My Program\My Files\*

    B. \Program Files\My Program\*

    C. *\*

    D. *\Program Files\My Program\*\
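
Because an exclusion blinds the sensor for everything the pattern matches, it is worth testing a candidate pattern against the real target path before saving it. The function below is an added example, not part of the exam page or of Falcon itself: it strips the drive letter (Falcon patterns for Windows are written without it, an assumption to confirm against the product documentation) and evaluates each candidate with PowerShell's `-like` wildcard operator, where `*` matches any run of characters including backslashes and matching is case-insensitive. Falcon's own wildcard rules may differ in detail (for example whether `*` crosses folder boundaries or how a trailing `\` is treated), so treat this as a stand-in that makes the scope of each pattern visible, not as the product's matcher.

```powershell
# Added example (not from the exam page): preview which candidate exclusion patterns match a
# target path. Uses PowerShell -like semantics as a stand-in for Falcon's matcher; confirm
# the real wildcard rules in the Falcon documentation before relying on a pattern.
function Test-ExclusionPattern {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,      # full path as seen on the host
        [Parameter(Mandatory)] [string[]] $Pattern    # candidate exclusion patterns
    )

    # Assumption: Windows patterns omit the drive letter, so compare against "\Program Files\...".
    $relative = $Path -replace '^[A-Za-z]:', ''

    foreach ($p in $Pattern) {
        [pscustomobject]@{
            Pattern = $p
            Matches = $relative -like $p       # * = any characters (incl. "\"), ? = one character
            # A pattern that also matches the bare root "\" is broad enough to cover every file.
            MatchesEverything = ('\' -like $p) -and ('\anything\at\all.exe' -like $p)
        }
    }
}

# Constructed input: the path from Question 6 and its four candidate patterns.
$target = 'C:\Program Files\My Program\My Files\program.exe'
Test-ExclusionPattern -Path $target -Pattern @(
    '\Program Files\My Program\My Files\*',
    '\Program Files\My Program\*',
    '*\*',
    '*\Program Files\My Program\*\'
) | Format-Table -AutoSize
```

Under `-like` semantics the first three candidates match the target and the fourth does not, because its trailing `\` requires the matched text to end in a separator; the third candidate also matches every other path on the host, which is the kind of over-broad exclusion a reviewer should reject regardless of which answer the exam expects.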

  • Question 7:

    When creating new IOCs in IOC management, which of the following fields must be configured?

    A. Hash, Description, Filename

    B. Hash, Action and Expiry Date

    C. Filename, Severity and Expiry Date

    D. Hash, Platform and Action

  • Question 8:

    Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?

    A. Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

    B. Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"

    C. Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group

    D. Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"

  • Question 9:

    How are user permissions set in Falcon?

    A. Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions

    B. Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments

    C. An administrator selects individual granular permissions from the Falcon Permissions List during user creation

    D. Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions

  • Question 10:

    An analyst has reported they are not receiving workflow triggered notifications in the past few days. Where should you first check for potential failures?

    A. Custom Alert History

    B. Workflow Execution log

    C. Workflow Audit log

    D. Falcon UI Audit Trail

Tips on How to Prepare for the Exams

Certification exams are increasingly important and increasingly required by employers when applying for a job. But how do you prepare for an exam effectively, in a short time and with less effort? How do you get a good result, and where do you find the most reliable resources? Here on Vcedump.com you will find the answers. Vcedump.com provides not only CrowdStrike exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your CCFA-200 exam preparation or the CrowdStrike certification application, do not hesitate to visit Vcedump.com to find your solutions.