CCFA-200B Exam Questions
252 real CCFA-200B exam questions with expert-verified answers and explanations. Page 1 of 6.
- Question #1
What command should be run to verify if a Windows sensor is running?
- Question #2
Which option allows you to exclude behavioral detections from the detections page?
- Question #3
What are custom alerts based on?
- Question #4
When creating an API client, which of the following must be saved immediately since it cannot be viewed again after the client is created?
- Question #5
You notice there are multiple Windows hosts in Reduced Functionality Mode (RFM). What is the most likely culprit causing these hosts to be in RFM?
- Question #6
Which of the following is TRUE of the Logon Activities Report?
- Question #7
Which of the following roles allows a Falcon user to create Real Time Response Custom Scripts?
- Question #8
What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform?
- Question #9
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?
- Question #10
Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?
- Question #11
What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?
- Question #12
On which page of the Falcon console would you create sensor groups?
- Question #13
While a host is Network contained, you need to allow the host to access internal network resources on specific IP addresses to perform patching and remediation. Which configuration...
- Question #14
Which of the following is TRUE regarding Falcon Next-Gen AntiVirus (NGAV)?
- Question #15
What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?
- Question #16
What impact does disabling detections on a host have on an API?
- Question #17
Under which scenario can Sensor Tags be assigned?
- Question #18
Custom IOA rules are defined using which syntax?
- Question #19
With Custom Alerts, it is possible to __________.
- Question #20
How do you assign a Prevention policy to one or more hosts?
- Question #21
You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they...
- Question #22
Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?
- Question #23
When a host is placed in Network Containment, which of the following is TRUE?
- Question #24
When would the No Action option be assigned to a hash in IOC Management?
- Question #25
In order to exercise manual control over the sensor upgrade process, as well as prevent unauthorized users from uninstalling or upgrading the sensor, which settings in the Sensor U...
- Question #26
Once an exclusion is saved, what can be edited in the future?
- Question #27
Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?
- Question #28
How do you find a list of inactive sensors?
- Question #29
Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?
- Question #30
Why is the ability to disable detections helpful?
- Question #31
The Logon Activities Report includes all of the following information for a particular user EXCEPT __________.
- Question #32
An analyst has reported they are not receiving workflow triggered notifications in the past few days. Where should you first check for potential failures?
- Question #33
You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customi...
- Question #34
Which of the following is NOT an available filter on the Hosts Management page?
- Question #35
What is the primary purpose of using glob syntax in an exclusion?
- Question #36
How are user permissions set in Falcon?
- Question #37
Which of the following is NOT a way to determine the sensor version installed on a specific endpoint?
- Question #38
Which is the correct order for manually installing a Falcon Package on a macOS system?
- Question #39
You are beginning the rollout of the Falcon Sensor for the first time side-by-side with your existing security solution. You need to configure the Machine Learning levels of the Pr...
- Question #40
How does the Unique Hosts Connecting to Countries Map help an administrator?
- Question #41
On a Windows host, what is the best command to determine if the sensor is currently running?
- Question #42
The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?
- Question #43
Which is a filter within the Host setup and management > Host management page?
- Question #44
When creating a Host Group for all Workstations in an environment, what is the best method to ensure all workstation hosts are added to the group?
- Question #45
When the Notify End Users policy setting is turned on, which of the following is TRUE?
- Question #46
If a user wanted to install an older version of the Falcon sensor, how would they find the older installer file?
- Question #47
Which of the following best describes the Default Sensor Update policy?
- Question #48
Under the "Next-Gen Antivirus: Cloud Machine Learning" setting there are two categories; one of them is "Cloud Anti-Malware" and the other is:
- Question #49
You have created a Sensor Update Policy for the Mac platform. Which other operating system(s) will this policy manage?
- Question #50
Which of the following Machine Learning (ML) sliders will only detect or prevent high confidence malicious items?