Free Demo Questions

Test Online Free CrowdStrike CCFA-200 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free CCFA-200 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated Jan 04, 2024 20 Questions 2 Pages

Get CCFA-200 Full Access

Question 1 Selectable Answer

Where in the Falcon console can information about supported operating system versions be found?

A. Configuration module
B. Intelligence module
C. Support module
D. Discover module

Answer:

Question 2 Selectable Answer

The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks.
Which statement is TRUE concerning Falcon sensor certificate validation?

A. SSL inspection should be configured to occur on all Falcon traffic
B. Some network configurations, such as deep packet inspection, interfere with certificate validation
C. HTTPS interception should be enabled to proceed with certificate validation
D. Common sources of interference with certificate pinning include protocol race conditions and resource contention

Answer:

Question 3 Selectable Answer

Which of the following applies to Custom Blocking Prevention Policy settings?

A. Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
B. Blocklisting applies to hashes, IP addresses, and domains
C. Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary
D. You can only blocklist hashes via the API

Answer:

Question 4 Selectable Answer

1.An analyst has reported they are not receiving workflow triggered notifications in the past few days.
Where should you first check for potential failures?

A. Custom Alert History
B. Workflow Execution log
C. Workflow Audit log
D. Falcon UI Audit Trail

Answer:

Question 5 Selectable Answer

You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded.
In the Sensor Update policy, which is the best Sensor version option to achieve these requirements?

A. Specific sensor version number
B. Auto - TEST-QA
C. Sensor version updates off
D. Auto - N-1

Answer:

Question 6 Selectable Answer

What is the most common cause of a Windows Sensor entering Reduced Functionality Mode (RFM)?

A. Falcon console updates are pending
B. Falcon sensors installing an update
C. Notifications have been disabled on that host sensor
D. Microsoft updates

Answer:

Question 7 Selectable Answer

Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host.
What is the most appropriate role that can be added to fullfil this requirement?

A. Remediation Manager
B. Real Time Responder C Read Only Analyst
C. Falcon Analyst C Read Only
D. Real Time Responder C Active Responder

Answer:

Question 8 Selectable Answer

Which of the following is NOT an available filter on the Hosts Management page?

A. Hostname
B. Username
C. Group
D. OS Version

Answer:

Question 9 Selectable Answer

Which option allows you to exclude behavioral detections from the detections page?

A. Machine Learning Exclusion
B. IOA Exclusion
C. IOC Exclusion
D. Sensor Visibility Exclusion

Answer:

Question 10 Selectable Answer

How are user permissions set in Falcon?

A. Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions
B. Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments
C. An administrator selects individual granular permissions from the Falcon Permissions List during user creation
D. Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions

Answer:

Question 11 Selectable Answer

How do you disable all detections for a host?

A. Create an exclusion rule and apply it to the machine or group of machines
B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)
C. You cannot disable all detections on individual hosts as it would put them at risk
D. In Host Management, select the host and then choose the option to Disable Detections

Answer:

Question 12 Selectable Answer

What is the name for the unique host identifier in Falcon assigned to each sensor during sensor installation?

A. Endpoint ID (EID)
B. Agent ID (AID)
C. Security ID (SID)
D. Computer ID (CID)

Answer:

Question 13 Selectable Answer

How many "Auto" sensor version update options are available for Windows Sensor Update Policies?

A. 1
B. 2
C. 0
D. 3

Answer:

Question 14 Selectable Answer

Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

A. .*badguydomain.com.*
B. \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill
C. badguydomain\.com.*
D. Custom IOA rules cannot be created for domains

Answer:

Question 15 Selectable Answer

You are evaluating the most appropriate Prevention Policy Machine Learning slider settings for your environment. In your testing phase, you configure the Detection slider as Aggressive.
After running the sensor with this configuration for 1 week of testing, which Audit report should you review to determine the best Machine Learning slider settings for your organization?

A. Prevention Policy Audit Trail
B. Prevention Policy Debug
C. Prevention Hashes Ignored
D. Machine-Learning Prevention Monitoring

Answer:

Current Exam

CCFA-200

CrowdStrike
CrowdStrike Certified Falcon Administrator

View Full CCFA-200 Package