Most Recent CrowdStrike CCFA-200 Exam Questions & Answers

Prepare for the CrowdStrike Certified Falcon Administrator exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the CrowdStrike CCFA-200 exam and achieve success.

The questions for CCFA-200 were last updated on Nov 17, 2024.

Viewing page 1 out of 31 pages.
Viewing questions 1-5 out of 153 questions

Get All 153 Questions & Answers

Question No. 1

Which statement is TRUE regarding disabling detections on a host?

AHosts with detections disabled will not alert on blocklisted hashes or machine learning detections, but will still alert on lOA-based detections. It will remain that way until detections are enabled again

BHosts with detections disabled will not alert on anything until detections are enabled again

CHosts with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed

DHosts cannot have their detections disabled individually

Show Answer

Correct Answer: B

The statement that is true regarding disabling detections on a host is that hosts with detections disabled will not alert on anything until detections are enabled again. As explained in question 127, disabling detections for a host will stop the sensor from sending any detection or prevention events to the Falcon console, and remove any existing events for that host from the console. This means that the host will not alert on anything, including blocklisted hashes, machine learning detections, or indicator of attack (IOA)-based detections.The host will remain in this state until detections are enabled again1.

Question No. 2

How can you find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days?

AUnder Dashboards and reports, choose the Sensor Report. Set the 'Last Seen' dropdown to 30 days and reference the Inactive Sensors widget

BUnder Host setup and management, choose the Host Management page. Set the group filter to 'Inactive Sensors'

CUnder Host setup and management > Managed endpoints > Inactive Sensors. Change the time range to 30 days

DUnder Host setup and management, choose the Disabled Sensors Report. Change the time range to 30 days

Show Answer

Correct Answer: C

The administrator can find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days by going to Host setup and management > Managed endpoints > Inactive Sensors. Then, change the time range to 30 days. This will show the host name, last seen date, sensor version and group name for each inactive host. The other options are either incorrect or not available. Reference: [CrowdStrike Falcon User Guide], page 31.

Question No. 3

Which of the following is NOT an available filter on the Hosts Management page?

AHostname

BUsername

CGroup

DOS Version

Show Answer

Correct Answer: B

Username is not an available filter on the Hosts Management page. The Hosts Management page allows you to view and manage all the hosts in your environment that have Falcon sensors installed. You can filter the hosts by hostname, group, OS version, sensor version, last seen date, health events, detections, and preventions.You can also perform actions such as assigning hosts to groups, updating sensor policies, uninstalling sensors, or isolating hosts1.

Question No. 4

Where in the Falcon console can information about supported operating system versions be found?

AConfiguration module

BIntelligence module

CSupport module

DDiscover module

Show Answer

Correct Answer: C

Information about supported operating system versions can be found in the Support module in the Falcon console. This module provides access to various support resources, such as documentation, downloads, FAQs, release notes and system status. One of the documents available in this module is the CrowdStrike Sensor Compatibility List, which lists the supported operating system versions for each sensor type and platform. The other options are either incorrect or not related to finding information about supported operating system versions. Reference:CrowdStrike Falcon User Guide, page 26.

Question No. 5

To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

ABlocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead

BUsing IOC management, import the list of hashes and IP addresses and set the action to Detect Only

CUsing IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

DUsing IOC management, import the list of hashes and IP addresses and set the action to No Action

Show Answer

Correct Answer: A

IOC management only allows 'Detect only' and 'No Action' among the possible actions. Therefore, it cannot be used to block based on IPs or domains. Custom IOA Rule groups allow to create rule types based on Network Connection (configuring a remote IP address) and domains, and gives the options to 'Monitor', 'Detect' and 'Kill Process', being the late one the closest to 'block'.

Unlock All Questions for CrowdStrike CCFA-200 Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 153 Questions & Answers