Free Test

Quiz

1/10
What is the function of a single asterisk (*) in an ML exclusion pattern?
1 correct answer
A. The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path
B. The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path
C. The single asterisk is the insertion point for the variable list that follows the path
D. The single asterisk is only used to start an expression, and it represents the drive letter

Quiz

2/10
You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?
1 correct answer
A. Contact support and request that they modify the Machine Learning settings to no longer include this detection
B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"
C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"

Quiz

3/10
What is the purpose of a containment policy?
1 correct answer
A. To define which Falcon analysts can contain endpoints
B. To define the duration of Network Containment
C. To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)
D. To define allowed IP addresses over which your hosts will communicate when contained

Quiz

4/10
An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?
1 correct answer
A. File exclusions are not aligned to groups or hosts
B. There is a limit of three groups of hosts applied to any exclusion
C. There is no limit and exclusions can be applied to any or all groups
D. Each exclusion can be aligned to only one group of hosts

Quiz

5/10
Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?
1 correct answer
A. Real Time Responder
B. Endpoint Manager
C. Falcon Investigator
D. Remediation Manager

Quiz

6/10
What must an admin do to reset a user's password?
1 correct answer
A. From User Management, open the account details for the affected user and select "Generate New Password"
B. From User Management, select "Reset Password" from the three dot menu for the affected user account
C. From User Management, select "Update Account" and manually create a new password for the affected user account
D. From User Management, the administrator must rebuild the account as the certificate for user specific private/public key generation is no longer valid

Quiz

7/10
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?
1 correct answer
A. Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
B. Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"
C. Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
D. Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"

Quiz

8/10
When creating new IOCs in IOC management, which of the following fields must be configured?
1 correct answer
A. Hash, Description, Filename
B. Hash, Action and Expiry Date
C. Filename, Severity and Expiry Date
D. Hash, Platform and Action

Quiz

9/10
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fulfill this requirement?
1 correct answer
A. Remediation Manager
B. Real Time Responder – Read Only Analyst
C. Falcon Analyst – Read Only
D. Real Time Responder – Active Responder

Quiz

10/10
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?
1 correct answer
A. USB Device Policy
B. Firewall Rule Group
C. Containment Policy
D. Machine Learning Exclusions

CrowdStrike-CCFA-200 Practice test unlocks all online simulator questions

Thank you for choosing the free version of the CrowdStrike-CCFA-200 practice test! Further deepen your knowledge with the CrowdStrike Simulator: by unlocking the full version of our CrowdStrike-CCFA-200 Simulator you will be able to take tests with over 153 constantly updated questions and easily pass your exam. 98% of people pass the exam in the first attempt after preparing with our 153 questions.


What to expect from our CrowdStrike-CCFA-200 practice tests and how to prepare for any exam?

The CrowdStrike-CCFA-200 Simulator Practice Tests are part of the CrowdStrike Database and are the best way to prepare for any CrowdStrike-CCFA-200 exam. The CrowdStrike-CCFA-200 practice tests consist of 153 questions and are written by experts to help prepare you to pass the exam on the first attempt. The CrowdStrike-CCFA-200 database includes questions from previous and other exams, which means you will be able to practice simulating past and future questions. Preparation with the CrowdStrike-CCFA-200 Simulator will also give you an idea of the time it will take to complete each section of the CrowdStrike-CCFA-200 practice test. It is important to note that the CrowdStrike-CCFA-200 Simulator does not replace the classic CrowdStrike-CCFA-200 study guides; however, the Simulator provides valuable insights into what to expect and how much work needs to be done to prepare for the CrowdStrike-CCFA-200 exam.


The CrowdStrike-CCFA-200 Practice test therefore represents an excellent tool to prepare for the actual exam together with our CrowdStrike practice test. Our CrowdStrike-CCFA-200 Simulator will help you assess your level of preparation and understand your strengths and weaknesses. Below you can read about all the quizzes you will find in our CrowdStrike-CCFA-200 Simulator and how our unique CrowdStrike-CCFA-200 Database is made up of real questions:

Info quiz:

  • Quiz name: CrowdStrike-CCFA-200
  • Total number of questions: 153
  • Number of questions for the test: 50
  • Pass score: 80%

You can prepare for the CrowdStrike-CCFA-200 exams with our mobile app. It is very easy to use and even works offline in case of network failure, with all the functions you need to study and practice with our CrowdStrike-CCFA-200 Simulator.

Use our Mobile App, available for both Android and iOS devices, with our CrowdStrike-CCFA-200 Simulator. You can use it anywhere, and always remember that our mobile app is free and available on all stores.

Our Mobile App contains all CrowdStrike-CCFA-200 practice tests, which consist of 153 questions and also provide study material to pass the final CrowdStrike-CCFA-200 exam with guaranteed success. Our CrowdStrike-CCFA-200 database contains hundreds of questions and CrowdStrike Tests related to the CrowdStrike-CCFA-200 Exam. This way you can practice anywhere you want, even offline without the internet.
