CrowdStrike CCFA-200 CrowdStrike Certified Falcon Administrator Online Training
CrowdStrike CCFA-200 Online Training
The questions for CCFA-200 were last updated at Apr 21,2025.
- Exam Code: CCFA-200
- Exam Name: CrowdStrike Certified Falcon Administrator
- Certification Provider: CrowdStrike
- Latest update: Apr 21,2025
Which of the following is a valid step when troubleshooting sensor installation failure?
- A . Confirm all required services are running on the system
- B . Enable the Windows firewall
- C . Disable SSL and TLS on the host
- D . Delete any available application crash log files
How many "Auto" sensor version update options are available for Windows Sensor Update Policies?
- A . 1
- B . 2
- C . 0
- D . 3
Where in the Falcon console can information about supported operating system versions be found?
- A . Configuration module
- B . Intelligence module
- C . Support module
- D . Discover module
Under which scenario can Sensor Tags be assigned?
- A . While triaging a detection
- B . While managing hosts in the Falcon console
- C . While updating a sensor in the Falcon console
- D . While installing a sensor
How can a Falcon Administrator configure a pop-up message to be displayed on a host when the Falcon sensor blocks, kills or quarantines an activity?
- A . By ensuring each user has set the "pop-ups allowed" in their User Profile configuration page
- B . By enabling "Upload quarantined files" in the General Settings configuration page
- C . By turning on the "Notify End Users" setting at the top of the Prevention policy details configuration page
- D . By selecting "Enable pop-up messages" from the User configuration page
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode."
What setting can you use to reduce false positives on this file path?
- A . USB Device Policy
- B . Firewall Rule Group
- C . Containment Policy
- D . Machine Learning Exclusions
What is the primary purpose of using glob syntax in an exclusion?
- A . To specify a Domain be excluded from detections
- B . To specify exclusion patterns to easily exclude files and folders and extensions from detections
- C . To specify exclusion patterns to easily add files and folders and extensions to be prevented
- D . To specify a network share be excluded from detections
Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?
- A . Next-Gen Antivirus (NGAV) protection
- B . Adware and Potentially Unwanted Program detection and prevention
- C . Real-time offline protection
- D . Identification and analysis of unknown executables
On a Windows host, what is the best command to determine if the sensor is currently running?
- A . sc query csagent
- B . netstat -a
- C . This cannot be accomplished with a command
- D . ping falcon.crowdstrike.com
Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host.
Which role do you need added to your user account to have this capability?
- A . Real Time Responder
- B . Endpoint Manager
- C . Falcon Investigator
- D . Remediation Manager
Latest CCFA-200 Dumps Valid Version with 96 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
