CCFA-200b by CrowdStrike Actual Free Exam Questions And Answers

Question 1

Your organization has determined that your cybersecurity architect needs to be notified via email whenever Falcon generates detections of a medium severity or higher. Additionally, the architect should be notified about any incidents with a CrowdScore of 1.0 or higher. What can the Falcon Administrator do to ensure the architect is properly alerted?

A. Add the architect's email address to the manage list for detection and incident emails from the General settings menu

B. Create a custom Fusion SOAR workflow to send an email every time a new detection or incident is created

C. Create a new Falcon user for the architect and assign the Detections and Exceptions Manager role so they are automatically notified for the new detections and incidents

D. Create a new Falcon user for the architect then create and assign a custom Falcon user role so they are automatically notified for the new detections and emails

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

What is the highest level of protection for a prevention policy?

A. Phase 3

B. Phase 1

C. Phase 2

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

What action should you take to securely allow operating system update processes to occur during network containment?

A. Add sources to the Host Firewall policy

B. Add IPs of update sources to the Containment policy

C. Ensure all internal network IPs are allowed

D. Remove network containment to allow access

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Using Host setup and management inside the Falcon Console, how can you display sensors in Reduced Functionality Mode?

A. From Host management, filter for RFM

B. From Host status, filter for RFM

C. From Sensor status, click on the widget RFM

D. From Sensor health, sort using the column heading Sensor status

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

Excluding mobile devices, what kind of hosts can be contained in Falcon?

A. Windows, Linux, and container hosts running the Falcon sensor

B. Windows and Linux hosts running the Falcon sensor

C. Windows and MacOS hosts running the Falcon sensor

D. Windows, Linux, and MacOS hosts running the Falcon sensor

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

What type of information is provided in sensor health report?

A. Network traffic patterns

B. Current operational status

C. Local performance metrics

D. User login history

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

Which Windows prevention policy setting monitors contents of shells for execution of malicious content?

A. Script-based execution visibility

B. Additional user mode data visibility

C. Enhanced exploitation visibility

D. Suspicious Scripts and Commands

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

CrowdStrike Certified Falcon Administrator - 2024 Version - CCFA-200b Exam Practice Test

Contact Us

Useful Links

Latest Updated