
CCFA-200 Online Practice Questions and Answers

Question 4

Once an exclusion is saved, what can be edited in the future?

A. All parts of the exclusion can be changed

B. Only the selected groups and hosts to which the exclusion is applied can be changed

C. Only the options to "Detect/Block" and/or "File Extraction" can be changed

D. The exclusion pattern cannot be changed

Question 5

What is the purpose of precedence with respect to the Sensor Update policy?

A. Precedence applies to the Prevention policy and not to the Sensor Update policy

B. Hosts assigned to multiple policies will assume the highest ranked policy in the list (policy with the lowest number)

C. Hosts assigned to multiple policies will assume the lowest ranked policy in the list (policy with the highest number)

D. Precedence ensures that conflicting policy settings are not set in the same policy

Question 6

Which option allows you to exclude behavioral detections from the detections page?

A. Machine Learning Exclusion

B. IOA Exclusion

C. IOC Exclusion

D. Sensor Visibility Exclusion

Question 7

How do you disable all detections for a host?

A. Create an exclusion rule and apply it to the machine or group of machines

B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)

C. You cannot disable all detections on individual hosts as it would put them at risk

D. In Host Management, select the host and then choose the option to Disable Detections

Question 8

In order to quarantine files on the host, what prevention policy settings must be enabled?

A. Malware Protection and Custom Execution Blocking must be enabled

B. Next-Gen Antivirus Prevention sliders and "Quarantine and Security Center Registration" must be enabled

C. Malware Protection and Windows Anti-Malware Execution Blocking must be enabled

D. Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled

Question 9

What is the maximum number of patterns that can be added when creating a new exclusion?

A. 10

B. 0

C. 1

D. 5

Question 10

What information is provided in Logon Activities under Visibility Reports?

A. A list of all logons for all users

B. A list of last endpoints that a user logged in to

C. A list of users who are remotely logged on to devices based on local IP and local port

D. A list of unique users who are remotely logged on to devices based on the country

Question 11

If a user wanted to install an older version of the Falcon sensor, how would they find the older installer file?

A. Older versions of the sensor are not available for download

B. By emailing CrowdStrike support at [email protected]

C. By installing the current sensor and clicking the "downgrade" button during the install

D. By clicking on "Older versions" links under the Host setup and management > Deploy > Sensor downloads

Question 12

Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

A. .*badguydomain.com.*

B. \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill

C. badguydomain\.com.*

D. Custom IOA rules cannot be created for domains

Question 13

Custom IOA rules are defined using which syntax?

A. Glob

B. PowerShell

C. Yara

D. Regex
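
Questions 12 and 13 both turn on how a Custom IOA pattern is read as a regular expression. The following is an added illustration, not part of the exam material and not CrowdStrike code, and it does not state the exam's answer: it shows what the candidate patterns from Question 12 do and do not match against a few constructed command-line values. It assumes that the Falcon rule engine requires the pattern to match the whole field (the reason IOA patterns are usually written with `.*` at both ends) and that matching is case-insensitive; both are modelled here with Python's `re.fullmatch` and should be checked against the current Falcon documentation before relying on them.

```python
import re

# Constructed sample values of the kind a Custom IOA pattern is matched against
# (for example a process command line that carries a domain). Not captured Falcon data.
SAMPLE_VALUES = [
    "www.badguydomain.com",
    "curl https://www.badguydomain.com/payload",
    "www.badguydomainXcom",   # an unescaped '.' in the pattern also matches this
    "www.gooddomain.com",
]


def compiles(pattern: str) -> bool:
    """True if Python's re engine accepts the pattern as a regex.

    Engines differ in which escapes they accept, so this only says whether the
    text is a regular expression at all; it does not reproduce the Falcon engine.
    """
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def ioa_pattern_matches(pattern: str, value: str) -> bool:
    """Model a Custom IOA regex as a case-insensitive match over the whole field.

    Assumption (stated, not verified here): the Falcon engine requires the whole
    field to match, which is why IOA patterns typically begin and end with '.*'.
    re.fullmatch models that behaviour.
    """
    return re.fullmatch(pattern, value, flags=re.IGNORECASE) is not None


def evaluate(pattern: str) -> dict:
    """Return {sample value: matched?} for one candidate pattern."""
    return {value: ioa_pattern_matches(pattern, value) for value in SAMPLE_VALUES}


# Candidate patterns taken from Question 12, plus one with the '.' escaped.
UNESCAPED_ANYWHERE = r".*badguydomain.com.*"      # matches anywhere, but '.' is any char
ESCAPED_UNANCHORED = r"badguydomain\.com.*"       # no leading '.*': misses a 'www.' prefix
ESCAPED_ANYWHERE = r".*badguydomain\.com.*"       # matches anywhere, literal dot
NOT_A_REGEX = r"\Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill"

if __name__ == "__main__":
    for name, pattern in [
        ("unescaped, anywhere", UNESCAPED_ANYWHERE),
        ("escaped, unanchored", ESCAPED_UNANCHORED),
        ("escaped, anywhere", ESCAPED_ANYWHERE),
    ]:
        print(name, pattern)
        for value, hit in evaluate(pattern).items():
            print(f"  {'MATCH ' if hit else 'no    '} {value}")
    print("command-line style option compiles as regex:", compiles(NOT_A_REGEX))
```

The point a practitioner should take away: under whole-field matching a pattern without a leading `.*` never fires on a value that has a prefix such as `www.`, and an unescaped `.` widens the rule to any character, so a production rule should both wrap the domain in `.*` and escape the dot (`.*badguydomain\.com.*`). The `/kill` option is command-line syntax, not a regular expression, and Python's engine rejects it outright.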

Question 14

You want to create a detection-only policy. How do you set this up in your policy's settings?

A. Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender.

B. Select the "Detect-Only" template. Disable hash blocking and exclusions.

C. You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect.

D. Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.

Question 15

The Logon Activities Report includes all of the following information for a particular user EXCEPT __________.

A. the account type for the user (e.g. Domain Administrator, Local User)

B. all hosts the user logged into

C. the logon type (e.g. interactive, service)

D. the last time the user's password was set

Question 16

What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform?

A. For - While statement(s)

B. Trigger, condition(s) and action(s)

C. Event trigger(s)

D. Predefined workflow template(s)

Question 17

You are beginning the rollout of the Falcon Sensor for the first time side-by-side with your existing security solution. You need to configure the Machine Learning levels of the Prevention Policy so it does not interfere with existing solutions during the testing phase.

What settings do you choose?

A. Detection slider: Extra Aggressive Prevention slider: Cautious

B. Detection slider: Moderate Prevention slider: Disabled

C. Detection slider: Cautious Prevention slider: Cautious

D. Detection slider: Disabled Prevention slider: Disabled

Question 18

An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?

A. The API client secret can be viewed from the Edit API client pop-up box

B. Enable the Client Secret column to reveal the API client secret

C. Re-create the API client using the exact name to see the API client secret

D. The API client secret cannot be retrieved after it has been created

Exam Code: CCFA-200
Exam Name: CrowdStrike Certified Falcon Administrator
Last Update: Apr 26, 2024
Questions: 96 Q&As
