CCFA-200B Exam Questions
252 real CCFA-200B exam questions with expert-verified answers and explanations. Page 2 of 6.
- Question #51
What type of information is found in the Linux Sensors Dashboard?
- Question #52
Why would you assign hosts to a static group instead of a dynamic group?
- Question #53
What would be the most appropriate action to take if you wanted to prevent a folder from being uploaded to the cloud without disabling uploads globally?
- Question #54
Which of the following uses Regex to create a detection or take a preventative action?
- Question #55
When creating a custom IOA for a specific domain, which syntax would be best for detecting or preventing on all subdomains as well?
- Question #56
What statement is TRUE about managing a user's role?
- Question #57
Which Real Time Response role will allow you to see all analyst session details?
- Question #58
Which command would tell you if a Falcon Sensor was running on a Windows host?
- Question #59
On which page of the Falcon console can one locate the Customer ID (CID)?
- Question #60
After Network Containing a host, your Incident Response team states they are unable to remotely connect to the host. Which of the following would need to be configured to allow rem...
- Question #61
Which of the following controls the speed at which your sensors will receive automatic sensor updates?
- Question #62
Which of the following tools developed by CrowdStrike is intended to help with removal of the CrowdStrike Windows Falcon Sensor?
- Question #63
When a user initiates a sensor install, where can the logs be found?
- Question #64
After agent installation, an agent opens a permanent ___ connection over port 443 and keeps that connection open until the endpoint is turned off or the network connection is termina...
- Question #65
Which of the following best describes what the Uninstall and Maintenance Protection setting controls within your Sensor Update Policy?
- Question #66
Which option best describes the general process for installation of the Falcon Sensor on macOS?
- Question #67
Where can you find your company's Customer ID (CID)?
- Question #68
A Falcon Administrator is trying to use Real-Time Response to start a session with a host that has a sensor installed but they are unable to connect. What is the most likely cause?
- Question #69
What should be disabled on firewalls so that the sensor's man-in-the-middle attack protection works properly?
- Question #70
When troubleshooting the Falcon Sensor on Windows, what is the correct parameter to output the log directory to a specified file?
- Question #71
You have been asked to troubleshoot why Script Based Execution Monitoring (SBEM) is not enabled on a Falcon host. Which report can be used to determine if this is an issue with an...
- Question #72
What information does the API Audit Trail Report provide?
- Question #73
What three things does a workflow condition consist of?
- Question #74
Where should you look to find the history of the successes and failures for any Falcon Fusion workflows?
- Question #75
In order to quarantine files on the host, what prevention policy settings must be enabled?
- Question #76
You have a new patch server that should be reachable while hosts in your environment are network contained. The server's IP address is static and does not change. Which of the foll...
- Question #77
Which of the following scenarios best describes when you would add IP addresses to the containment policy?
- Question #78
How many days will an inactive host remain visible within the Host Management or Trash pages?
- Question #79
Which of the following pages provides a count of sensors in Reduced Functionality Mode (RFM) by Operating System?
- Question #80
What best describes what happens to detections in the console after clicking "Enable Detections" for a host which previously had its detections disabled?
- Question #81
When a Linux host is in Reduced Functionality Mode (RFM) what telemetry and protection is still offered?
- Question #82
When performing targeted filtering for a host on the Host Management Page, which filter bar attribute is NOT case-sensitive?
- Question #83
What best describes what happens to detections in the console after clicking "Disable Detections" for a host from within the Host Management page?
- Question #84
Which report lists counts of sensors in Reduced Functionality Mode (RFM) for all operating system types, and tracks how long a sensor version will be supported?
- Question #85
Which statement is TRUE regarding disabling detections on a host?
- Question #86
Which of the following is TRUE regarding disabling detections for a host?
- Question #87
What is likely the reason your Windows host would be in Reduced Functionality Mode (RFM)?
- Question #88
Why do Sensor Update policies need to be configured for each OS (Windows, Mac, Linux)?
- Question #89
What is the purpose of the Default Sensor Policy?
- Question #90
What best describes the relationship between Sensor Update policies and Operating Systems?
- Question #91
Which of the following prevention policy settings monitors contents of scripts and shells for execution of malicious content on compatible operating systems?
- Question #92
The Falcon Administrator has created a new prevention policy to apply to the "Servers" group; however, when applying the new prevention policy this group is not appearing in the li...
- Question #93
What is the purpose of the Machine-Learning Prevention Monitoring Report?
- Question #94
You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?
- Question #95
The Customer ID (CID) is important in which of the following scenarios?
- Question #96
What may prevent a user from logging into Falcon via single sign-on (SSO)?
- Question #97
When a host belongs to more than one host group, how is sensor update precedence determined?
- Question #98
A sensor that has not contacted the Falcon cloud will be automatically deleted from the hosts list after how many days?
- Question #99
You have a Windows host on your network in Reduced Functionality Mode (RFM). While the system is in RFM, which of the following is TRUE?
- Question #100
What can exclusions be applied to?