CCFA-200B Exam Questions
252 real CCFA-200B exam questions with expert-verified answers and explanations. Page 5 of 6.
- Question #201
Which report would show you an overview of the top ten most-applied policies by sensors in your environment?
- Question #202
There are a significant number of false positive detections from your developers that are getting blocked and quarantined by Falcon. What Indicator of Compromise (IOC) action would...
- Question #203
From the Host management page, what is the best field to filter by for Domain Controllers to obtain sensor version information?
- Question #204
You have been asked by your Server management team to provide a list of all Servers that have a "TIER3" Sensor grouping tag. What method will allow you to export a .csv file with t...
- Question #205
Which default user role will allow you to see all analyst session details?
- Question #206
Where would you apply a configuration to allow IP addresses over which your hosts will always be allowed to communicate, even if a host is contained?
- Question #207
Which ML exclusion pattern would be the most accurate for all .exe binaries in "C:\Program Files\Software\", including any subfolders of Software?
- Question #208
You can create Fusion SOAR workflows to precisely define the actions you want Falcon to perform in response to incidents. Which three items must be defined in every trigger so that...
- Question #209
When an API client is created, what two pieces of information must be generated as a pair to successfully identify and validate your API integrations?
- Question #210
You will be testing detections with pentest and security tooling on your host. How can a workflow be created to automatically assign any detection related to your pentest to yourse...
- Question #211
What best describes the effect of disabling detections for a host?
- Question #212
To improve the organization's security posture, you are designing a Fusion SOAR workflow to generate an alert when critical vulnerabilities are detected by Falcon. When creating a...
- Question #213
What log would you use to investigate unusual activity involved with a script interfacing with the Falcon platform?
- Question #214
What happens to detections in the console after clicking "Disable Detections" for a host from within the Host Management page?
- Question #215
You are tasked with creating a "Workstations" host group to encompass ALL workstations in your environment. Which dynamic grouping criteria would best accomplish this task?
- Question #216
How can you search for multiple hostnames at the same time via Host Management?
- Question #217
Which setting inside the Sensor Update Policy prevents unauthorized uninstallation?
- Question #218
As a Falcon Administrator, you would like to tune your Prevention Policies and compare the number of detections that would have resulted in the last 30 days depending on which dete...
- Question #219
What happens when a Falcon Sensor on a Linux host enters Reduced Functionality Mode (RFM)?
- Question #220
A server was added to a new host group that has a different sensor update and prevention policy applied. Even though the server has been online for more than 30 minutes, the polici...
- Question #221
By default, how many days without successful communication must pass before a host no longer appears in the Falcon console?
- Question #222
After successfully installing Falcon on a new employee's laptop, you notice that the machine is assigned the default prevention policy instead of the custom prevention policy you c...
- Question #223
You are creating a new host group that needs to contain all of the servers in your environment regardless of the installed operating system. Which filter should be applied to the g...
- Question #224
Which report provides a filterable high-level overview of host information such as OS version, Device Type and Machine Domain, and also provides an active sensor heat map for a qui...
- Question #225
Which statement best describes user permissions in Falcon?
- Question #226
Detections related to a penetration test on a particular server are currently generating thousands of entries in the console. Your leadership does not need to track the detections...
- Question #227
What could cause your Windows host to be in Reduced Functionality Mode (RFM)?
- Question #228
What are the three required parts of a Fusion SOAR workflow condition?
- Question #229
What is the primary concern with Windows sensors going into Reduced Functionality Mode (RFM)?
- Question #230
What information can be found in the Real Time Response (RTR) Audit Log?
- Question #231
You are deploying the Falcon sensor to a total of 500 hosts. Hosts in an Organizational Unit (OU) will need a specific exclusion that was previously identified. This OU is expected...
- Question #232
Using Host setup and management inside the Falcon Console, how can you display sensors in Reduced Functionality Mode (RFM)?
- Question #233
What default user role can manage API credentials?
- Question #234
A host has been network contained with Falcon and you have been asked to update the Operating System with zero-day patches. You have tried using your patch update systems for this...
- Question #235
You want to add an additional layer of security to high-risk RTR commands for your environment. Where would you configure MFA for RTR within the UI?
- Question #236
Your security team is noticing that certain privacy-sensitive information such as the URL, HTTP Header and POST bodies are missing from HTTP related detections. What is likely the...
- Question #237
When creating a machine learning exclusion with glob syntax, what are the three items you can target for exclusion?
- Question #238
Where can you find hosts that have been offline for ten minutes or longer?
- Question #239
What are the two automated triggers that cause a Fusion SOAR workflow to run?
- Question #240
What are the required components to manually install Falcon Sensor on macOS?
- Question #241
You need to create a rule to block all process executions of Telegram in your environment. Which custom IOA rule configuration would accomplish this?
- Question #242
What is true about User Accounts created by the Falcon Administrator?
- Question #243
You have created a new static host group to test a newly created sensor update policy, and need to add 500 servers into the group. You want to upload a list of hosts to Falcon for...
- Question #244
Leadership has asked for a monthly report on the number of hosts by OS version, device type, and geographic location. What dashboard option includes this information?
- Question #245
You need to be aware of which policies are the most used as new hosts are being added to your CID. Where could you easily find a review of the top ten sensor update, prevention, an...
- Question #246
Your incident responder team is in the process of migrating their existing workflows into Fusion SOAR workflows so that they will execute natively in Falcon. The team reports the w...
- Question #247
To test a new Falcon sensor version, you have created a new sensor update policy and two separate dynamic host groups. One group contains all test Windows servers. The other group...
- Question #248
How would you reset an API secret?
- Question #249
During a simulated training exercise with your security team, an analyst used Falcon to network contain a host. It was then discovered that containing this specific host interrupte...
- Question #250
Which prevention policy setting monitors contents of scripts and shells for execution of malicious content?