CCFA-200B Exam Questions
252 real CCFA-200B exam questions with expert-verified answers and explanations. Page 3 of 6.
- Question #101
What is the function of a single asterisk (*) in an ML exclusion pattern?
- Question #102
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a...
- Question #103
What is the purpose of a containment policy?
- Question #104
An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?
- Question #105
Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. W...
- Question #106
What must an admin do to reset a user's password?
- Question #107
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host...
- Question #108
When creating new IOCs in IOC management, which of the following fields must be configured?
- Question #109
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the ho...
- Question #110
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is...
- Question #111
Why is it important to know your company's event data retention limits in the Falcon platform?
- Question #112
What is the purpose of precedence with respect to the Sensor Update policy?
- Question #113
When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?
- Question #114
How can a Falcon Administrator configure a pop-up message to be displayed on a host when the Falcon sensor blocks, kills or quarantines an activity?
- Question #115
Where in the Falcon console can information about supported operating system versions be found?
- Question #116
What is the name for the unique host identifier in Falcon assigned to each sensor during sensor installation?
- Question #117
Which of the following is a valid step when troubleshooting sensor installation failure?
- Question #118
You need to export a list of all deletions for a specific Host Name in the last 24 hours. What is the best way to do this?
- Question #119
Which role will allow someone to manage quarantine files?
- Question #120
What is the maximum number of patterns that can be added when creating a new exclusion?
- Question #121
You are evaluating the most appropriate Prevention Policy Machine Learning slider settings for your environment. In your testing phase, you configure the Detection slider as Aggres...
- Question #122
How do you disable all detections for a host?
- Question #123
To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?
- Question #124
Which role is required to manage groups and policies in Falcon?
- Question #125
Which of the following can a Falcon Administrator edit in an existing user's profile?
- Question #126
You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded. In the Sensor Update policy, w...
- Question #127
What is the goal of a Network Containment Policy?
- Question #128
Which of the following applies to Custom Blocking Prevention Policy settings?
- Question #129
How many "Auto" sensor version update options are available for Windows Sensor Update Policies?
- Question #130
The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon?
- Question #131
How long are detection events kept in Falcon?
- Question #132
What information is provided in Logon Activities under Visibility Reports?
- Question #133
What can the Quarantine Manager role do?
- Question #134
On the Host management page, which filter could be used to quickly identify all devices categorized as a "Workstation" by the Falcon Platform?
- Question #135
Where in the console can you find a list of all hosts in your environment that are in Reduced Functionality Mode (RFM)?
- Question #136
An inactive host that does not contact the Falcon cloud will be automatically removed from the Host Management and Trash pages after how many days?
- Question #137
When editing an existing IOA exclusion, what can NOT be edited?
- Question #138
Which of the following should be used with extreme caution because it may introduce additional security risks such as malware or other attacks which would not be recorded, detected, o...
- Question #139
Which of the following is NOT an available action for an API Client?
- Question #140
How can an API client secret be viewed after it has been created?
- Question #141
What will happen to a host if it is not assigned a Sensor Update policy?
- Question #142
Which statement describes what is recommended for the Default Sensor Update policy?
- Question #143
Where do you obtain the Windows sensor installer for CrowdStrike Falcon?
- Question #144
When configuring a specific prevention policy, the admin can align the policy to two different types of groups, Host Groups and which other?
- Question #145
Which role allows a user to connect to hosts using Real-Time Response?
- Question #146
You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. Which of the following parameters can be used...
- Question #147
How can you find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days?
- Question #148
In order to quarantine files on the host, what prevention policy settings must be enabled?
- Question #149
Why is it critical to have separate sensor update policies for Windows/Mac/*nix?
- Question #150
How do you assign a policy to a specific group of hosts?