Get CCFA-200 Braindumps & CCFA-200 Real Exam Questions [Q41-Q64] : Exam for engine : http://blog.test4engine.com

This page was exported from Exam for engine [ http://blog.test4engine.com ]
Export date: Mon Nov 18 2:57:12 2024 / +0000 GMT

Get CCFA-200 Braindumps & CCFA-200 Real Exam Questions [Q41-Q64]

Get CCFA-200 Braindumps & CCFA-200 Real Exam Questions

CrowdStrike CCFA-200 Actual Questions and Braindumps

CrowdStrike CCFA-200 exam is a comprehensive assessment of an individual's knowledge of the CrowdStrike Falcon platform. CCFA-200 exam covers a wide range of topics, including the basics of endpoint protection, malware analysis, threat intelligence, and incident response. CCFA-200 exam also tests the individual's ability to configure, operate, and troubleshoot the CrowdStrike Falcon platform. CCFA-200 exam consists of 60 multiple-choice questions and is timed at 90 minutes. Passing the exam requires a score of 70% or higher.

QUESTION 41
To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead

Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only

Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

Using IOC management, import the list of hashes and IP addresses and set the action to No Action

QUESTION 42
Which of the following pages provides a count of sensors in Reduced Functionality Mode (RFM) by Operating System?

Support and resources

Activity Overview

Hosts Overview

Sensor Health

QUESTION 43
What best describes what happens to detections in the console after clicking “Disable Detections” for a host from within the Host Management page?

The detections for the host are removed from the console immediately and no new detections will display in the console going forward

You cannot disable detections for a host

Existing detections for the host remain, but no new detections will display in the console going forward

Preventions will be disabled for the host

QUESTION 44
What can exclusions be applied to?

Individual hosts selected by the administrator

Either all hosts or specified groups

Only the default host group

Only the groups selected by the administrator

QUESTION 45
Custom IOA rules are defined using which syntax?

Glob

PowerShell

Yara

Regex

QUESTION 46
Where can you find your company’s Customer ID (CID)?

The CID is a secret key used for Falcon communication and is never shared with the customer

The CID is only available by calling support

The CID is located at Hosts setup and management > Deploy > Sensor Downloads and is listed along with the checksum

The CID is located at Hosts > Host Management

QUESTION 47
Which of the following is a valid step when troubleshooting sensor installation failure?

Confirm all required services are running on the system

Enable the Windows firewall

Disable SSL and TLS on the host

Delete any available application crash log files

QUESTION 48
Which of the following best describes the Default Sensor Update policy?

The Default Sensor Update policy does not have the “Uninstall and maintenance protection” feature

The Default Sensor Update policy is only used for testing sensor updates

The Default Sensor Update policy is a “catch-all” policy

The Default Sensor Update policy is disabled by default

QUESTION 49
Which statement is TRUE regarding disabling detections on a host?

Hosts with detections disabled will not alert on blocklisted hashes or machine learning detections, but will still alert on lOA-based detections. It will remain that way until detections are enabled again

Hosts with detections disabled will not alert on anything until detections are enabled again

Hosts with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed

Hosts cannot have their detections disabled individually

QUESTION 50
Which role will allow someone to manage quarantine files?

Falcon Security Lead

Detections Exceptions Manager

Falcon Analyst – Read Only

Endpoint Manager

QUESTION 51
Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?

TCP port 22 (SSH)

TCP port 443 (HTTPS)

TCP port 80 (HTTP)

TCP UDP port 53 (DNS)

QUESTION 52
Where can you modify settings to permit certain traffic during a containment period?

Prevention Policy

Host Settings

Containment Policy

Firewall Settings

QUESTION 53
What command should be run to verify if a Windows sensor is running?

regedit myfile.reg

sc query csagent

netstat -f

ps -ef | grep falcon

QUESTION 54
What three things does a workflow condition consist of?

A parameter, an operator, and a value

A beginning, a middle, and an end

Triggers, actions, and alerts

Notifications, alerts, and API’s

QUESTION 55
Which of the following is NOT an available filter on the Hosts Management page?

Hostname

Username

Group

OS Version

QUESTION 56
How do you find a list of inactive sensors?

The Falcon platform does not provide reporting for inactive sensors

A sensor is always considered active until removed by an Administrator

Run the Inactive Sensor Report in the Host setup and management option

Run the Sensor Aging Report within the Investigate option

QUESTION 57
What is likely the reason your Windows host would be in Reduced Functionality Mode (RFM)?

Microsoft updates altering the kernel

The host lost internet connectivity

A misconfiguration in your prevention policy for the host

A Sensor Update Policy was misconfigured

QUESTION 58
How can a Falcon Administrator configure a pop-up message to be displayed on a host when the Falcon sensor blocks, kills or quarantines an activity?

By ensuring each user has set the “pop-ups allowed” in their User Profile configuration page

By enabling “Upload quarantined files” in the General Settings configuration page

By turning on the “Notify End Users” setting at the top of the Prevention policy details configuration page

By selecting “Enable pop-up messages” from the User configuration page

QUESTION 59
How do you assign a Prevention policy to one or more hosts?

Create a new policy and assign it directly to those hosts on the Host Management page

Modify the users roles on the User Management page

Ensure the hosts are in a group and assign that group to a custom Prevention policy

Create a new policy and assign it directly to those hosts on the Prevention policy page

QUESTION 60
Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?

TCP port 22 (SSH)

TCP port 443 (HTTPS)

TCP port 80 (HTTP)

TCP UDP port 53 (DNS)

QUESTION 61
What should be disabled on firewalls so that the sensor’s man-in-the-middle attack protection works properly?

Deep packet inspection

Linux Sub-System

PowerShell

Windows Proxy

QUESTION 62
What impact does disabling detections on a host have on an API?

Endpoints with detections disabled will not alert on anything until detections are enabled again

Endpoints cannot have their detections disabled individually

DetectionSummaryEvent stops sending to the Streaming API for that host

Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed

QUESTION 63
What best describes what happens to detections in the console after clicking “Enable Detections” for a host which previously had its detections disabled?

Enables custom detections for the host

New detections will start appearing in the console, and all retroactive stored detections will be restored to the console for that host

New detections will start appearing in the console immediately. Previous detections will not be restored to the console for that host

Preventions will be enabled for the host

QUESTION 64
Why would you assign hosts to a static group instead of a dynamic group?

You do not want the group membership to change automatically

You are managing more than 1000 hosts

You need hosts to be automatically assigned to a group

You want the group to contain hosts from multiple operating systems

CCFA-200 Dumps To Pass CrowdStrike Exam in 24 Hours - Test4Engine: https://www.test4engine.com/CCFA-200_exam-latest-braindumps.html

Post date: 2023-10-26 12:51:08
Post date GMT: 2023-10-26 12:51:08
Post modified date: 2023-10-26 12:51:08
Post modified date GMT: 2023-10-26 12:51:08