CrowdStrike Certified Falcon Administrator CCFA Study Guide CCFA-200 Dumps Online

There is no need to waste your valuable time searching for a CCFA study guide to prepare for the CrowdStrike Certified Falcon Administrator certification exam. Just come to DumpsBase and choose the CCFA-200 dumps as your preparation materials. The CCFA-200 dumps from DumpsBase come with incredible features, which are enough to help you breeze through the CCFA-200 CrowdStrike Certified Falcon Administrator certification exam. Our latest CCFA-200 dumps questions come with precise CrowdStrike Certified Falcon Administrator CCFA-200 answers, which you will encounter on the final test.

Feel free to read CrowdStrike CCFA-200 demo questions online first:

1. An analyst has reported they are not receiving workflow-triggered notifications in the past few days.

Where should you first check for potential failures?

2. How are user permissions set in Falcon?

3. When creating new IOCs in IOC management, which of the following fields must be configured?

4. Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group.

What is the next step to disable RTR only on these hosts?

5. Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?

6. Once an exclusion is saved, what can be edited in the future?

7. Why is the ability to disable detections helpful?

8. What impact does disabling detections on a host have on an API?

9. What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?

10. What command should be run to verify if a Windows sensor is running?

11. Under the "Next-Gen Antivirus: Cloud Machine Learning" setting there are two categories, one of them is "Cloud Anti-Malware" and the other is:

12. What is the purpose of precedence with respect to the Sensor Update policy?

13. Which is the correct order for manually installing a Falcon Package on a macOS system?

14. When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?

15. Which of the following Machine Learning (ML) sliders will only detect or prevent high confidence malicious items?

16. You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes.

Which of the following parameters can be used to override the 20-minute default provisioning window?

17. Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host.

What is the most appropriate role that can be added to fulfill this requirement?

18. Which option allows you to exclude behavioral detections from the detections page?

19. Which role will allow someone to manage quarantine files?

20. When a host is placed in Network Containment, which of the following is TRUE?

21. How do you disable all detections for a host?

22. In order to quarantine files on the host, what prevention policy settings must be enabled?

23. What is the maximum number of patterns that can be added when creating a new exclusion?

24. Which of the following is TRUE of the Logon Activities Report?

25. You have created a Sensor Update Policy for the Mac platform.

Which other operating system(s) will this policy manage?

26. You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints.

What is the best way to prevent these in the future?

27. What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?

28. When creating a Host Group for all Workstations in an environment, what is the best method to ensure all workstation hosts are added to the group?

29. Which role allows a user to connect to hosts using Real-Time Response?

30. Where can you modify settings to permit certain traffic during a containment period?


 

 
