CrowdStrike CCFA-200 CrowdStrike Certified Falcon Administrator Online Training
The questions for CCFA-200 were last updated on Feb 16, 2025.
- Exam Code: CCFA-200
- Exam Name: CrowdStrike Certified Falcon Administrator
- Certification Provider: CrowdStrike
- Latest update: Feb 16, 2025
How do you disable all detections for a host?
- A . Create an exclusion rule and apply it to the machine or group of machines
- B . Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)
- C . You cannot disable all detections on individual hosts as it would put them at risk
- D . In Host Management, select the host and then choose the option to Disable Detections
In order to quarantine files on the host, what prevention policy settings must be enabled?
- A . Malware Protection and Custom Execution Blocking must be enabled
- B . Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled
- C . Malware Protection and Windows Anti-Malware Execution Blocking must be enabled
- D . Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled
What is the maximum number of patterns that can be added when creating a new exclusion?
- A . 10
- B . 0
- C . 1
- D . 5
Which of the following is TRUE of the Logon Activities Report?
- A . Shows a graphical view of user logon activity and the hosts the user connected to
- B . The report can be filtered by computer name
- C . It gives a detailed list of all logon activity for users
- D . It only gives a summary of the last logon activity for users
You have created a Sensor Update Policy for the Mac platform.
Which other operating system(s) will this policy manage?
- A . *nix
- B . Windows
- C . Both Windows and *nix
- D . Only Mac
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints.
What is the best way to prevent these in the future?
- A . Contact support and request that they modify the Machine Learning settings to no longer include this detection
- B . Using IOC Management, add the hash of the binary in question and set the action to "Allow"
- C . Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
- D . Using IOC Management, add the hash of the binary in question and set the action to "No Action"
What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?
- A . Falcon console updates are pending
- B . Falcon sensors installing an update
- C . Notifications have been disabled on that host sensor
- D . Microsoft updates
When creating a Host Group for all Workstations in an environment, what is the best method to ensure all workstation hosts are added to the group?
- A . Create a Dynamic Group with Type=Workstation Assignment
- B . Create a Dynamic Group and Import All Workstations
- C . Create a Static Group and Import all Workstations
- D . Create a Static Group with Type=Workstation Assignment
Which role allows a user to connect to hosts using Real-Time Response?
- A . Endpoint Manager
- B . Falcon Administrator
- C . Real Time Responder - Active Responder
- D . Prevention Hashes Manager
Where can you modify settings to permit certain traffic during a containment period?
- A . Prevention Policy
- B . Host Settings
- C . Containment Policy
- D . Firewall Settings