CrowdStrike Certified Falcon Administrator CCFA-200 exam dumps questions are available and are valuable for passing this test. The CrowdStrike Certified Falcon Administrator exam evaluates a candidate's knowledge, skills and abilities to manage various components of the CrowdStrike Falcon platform on a daily basis, including sensor installation. The CCFA certification is ideal for an administrator or any analyst with access to the administrative side of the Falcon platform. The related CrowdStrike Certified Falcon Administrator CCFA-200 exam information below is helpful in your preparation.
CrowdStrike Certified Falcon Administrator CCFA-200 Exam
CrowdStrike Certified Falcon Administrator CCFA-200 exam basic information is available below.
Number of questions: 60
Duration: 90 minutes
Passing mark: 48/60
Price: $250
CrowdStrike Certifications CCFA-200 Exam Topics
CrowdStrike Certifications CCFA-200 exam topics cover the following details.
1. User Management
2. Sensor Deployment
3. Host Management
4. Group Creation
5. Prevention Policies
6. Custom IOA Rules
7. Sensor Update Policy
8. Quarantine Files
9. IOC Management
10. Containment Policies
11. Exclusions
12. Reports
13. Real Time Response Policy/Audit Logs
14. API Clients and Keys
15. Notification Workflow
Practice CrowdStrike CCFA-200 Exam Dumps Questions
CrowdStrike Certification CCFA-200 exam dumps questions are the best material for testing yourself on the above CrowdStrike Certified Falcon Administrator CCFA-200 exam objectives. Some CrowdStrike CCFA-200 exam dumps questions and answers are shared below.
1. An analyst has reported they are not receiving workflow triggered notifications in the past few days.
Where should you first check for potential failures?
A. Custom Alert History
B. Workflow Execution log
C. Workflow Audit log
D. Falcon UI Audit Trail
Answer: B
2. How are user permissions set in Falcon?
A. Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions
B. Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments
C. An administrator selects individual granular permissions from the Falcon Permissions List during user creation
D. Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions
Answer: B
3. When creating new IOCs in IOC management, which of the following fields must be configured?
A. Hash, Description, Filename
B. Hash, Action and Expiry Date
C. Filename, Severity and Expiry Date
D. Hash, Platform and Action
Answer: D
4. Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group.
What is the next step to disable RTR only on these hosts?
A. Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
B. Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"
C. Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
D. Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"
Answer: C
5. What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?
A. To group hosts with others in the same business unit
B. To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time
C. To prioritize the order in which Falcon updates are installed, so that updates are not installed all at once leading to network congestion
D. To allow the controlled assignment of sensor versions onto specific hosts
Answer: D