CrowdStrike CCFA-200 CrowdStrike Certified Falcon Administrator Online Training
CrowdStrike CCFA-200 Online Training
The questions for CCFA-200 were last updated at Apr 23, 2025.
- Exam Code: CCFA-200
- Exam Name: CrowdStrike Certified Falcon Administrator
- Certification Provider: CrowdStrike
- Latest update: Apr 23, 2025
Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?
- A . TCP port 22 (SSH)
- B . TCP port 443 (HTTPS)
- C . TCP port 80 (HTTP)
- D . TCP/UDP port 53 (DNS)
What type of information is found in the Linux Sensors Dashboard?
- A . Hosts by Kernel Version, Shells spawned by Root, Wget/Curl Usage
- B . Hidden File execution, Execution of file from the trash, Versions Running with ComputerNames
- C . Versions running, Directory Made Invisible to Spotlight, Logging/Auditing Referenced, Viewed, or Modified
- D . Private Information Accessed, Archiving Tools - Exfil, Files Made Executable
How long are detection events kept in Falcon?
- A . Detection events are kept for 90 days
- B . Detection events are kept for your subscribed data retention period
- C . Detection events are kept for 7 days
- D . Detection events are kept for 30 days
What can the Quarantine Manager role do?
- A . Manage and change prevention settings
- B . Manage quarantined files to release and download
- C . Manage detection settings
- D . Manage roles and users
How do you find a list of inactive sensors?
- A . The Falcon platform does not provide reporting for inactive sensors
- B . A sensor is always considered active until removed by an Administrator
- C . Run the Inactive Sensor Report in the Host setup and management option
- D . Run the Sensor Aging Report within the Investigate option
The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks.
Which statement is TRUE concerning Falcon sensor certificate validation?
- A . SSL inspection should be configured to occur on all Falcon traffic
- B . Some network configurations, such as deep packet inspection, interfere with certificate validation
- C . HTTPS interception should be enabled to proceed with certificate validation
- D . Common sources of interference with certificate pinning include protocol race conditions and resource contention
You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message.
What is the best way to update the workflow?
- A . Clone the workflow and replace the existing email with your CISO’s email
- B . Add a sequential action to send a custom email to your CISO
- C . Add a parallel action to send a custom email to your CISO
- D . Add the CISO’s email to the existing action
You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they are not allowed to run in your environment. You have chosen to use Falcon to do this.
Which is the best way to accomplish this?
- A . Using the Support Portal, create a support ticket and include the list of binary hashes, asking support to create an "Execution Prevention" rule to prevent these processes from running
- B . Using Custom Alerts in the Investigate App, create a new alert using the template "Process Execution" and within that rule, select the option to "Block Execution"
- C . Using IOC Management, gather the list of SHA256 or MD5 hashes for each binary and then upload them. Set all hashes to "Block" and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking.
- D . Using the API, gather the list of SHA256 or MD5 hashes for each binary and then upload them, setting them all to "Never Allow"
Which is a filter within the Host setup and management > Host management page?
- A . User name
- B . OU
- C . BIOS Version
- D . Locality
How do you assign a Prevention policy to one or more hosts?
- A . Create a new policy and assign it directly to those hosts on the Host Management page
- B . Modify the users' roles on the User Management page
- C . Ensure the hosts are in a group and assign that group to a custom Prevention policy
- D . Create a new policy and assign it directly to those hosts on the Prevention policy page