Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the CrowdStrike CrowdStrike Falcon Certification Program CCFA-200b Questions and answers with CertsForce

Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions
Questions # 11:

What is the primary purpose of audit logs in Falcon?

Options:

A.

Trace file changes


B.

Track configuration changes


C.

Monitor system performance


Expert Solution
Questions # 12:

You are deploying the Falcon sensor to 500 hosts. Hosts in an Organizational Unit need a specific exclusion that was previously identified. This OU is expected to add members over the next quarter. What is the best way to create a host group for this OU?

Options:

A.

Create a Dynamic Group targeting Windows 10 OS in the domain


B.

Create a dynamic group with an assignment rule that excludes the OU


C.

Create a dynamic group with an assignment rule that filters for the OU


Expert Solution
Questions # 13:

Where can you find a list of hosts that have not communicated with the CrowdStrike Cloud?

Options:

A.

Host Groups


B.

Inactive Sensors


C.

Activity Dashboard


D.

Sensor Report


Expert Solution
Questions # 14:

Your development team is working on a new enterprise application, but Falcon starts creating alerts during testing. The alert points to “C:\Users\Bob\DevCode\felix.dll”. In the detection, you see that it is triggering only on a specific Falcon IOA. What would be the best course of action for this situation?

Options:

A.

Create an IOA exclusion for “C:\Users\Bob\DevCode\felix.dll”


B.

Create a Custom IOC and set it to “Allow” for “C:\Users\Bob\DevCode\felix.dll”


C.

Manually turn off the built-in IOA through prevention policies


D.

Create a sensor visibility exclusion for “C:\Users\Bob\DevCode\felix.dll”


Expert Solution
Questions # 15:

You want to add an additional layer of security to high-risk Real Time Response commands for your environment. Where do you configure MFA for RTR within the UI?

Options:

A.

General settings


B.

Notifications


C.

Response policies


D.

Containment policy


Expert Solution
Questions # 16:

Detections related to a penetration test on a particular server are currently generating thousands of entries in the console. Your leadership does not need to track the detections in Falcon. What should you do to allow your team to focus on more relevant detections?

Options:

A.

Create a Fusion Workflow to email the SOC team every time the penetration test generates a detection


B.

Implement an SVE on the particular host


C.

Temporarily disable detections for the server in Host Management and re-enable after the test is done


D.

Use Real Time Response to kill the offending process on the server


Expert Solution
Questions # 17:

An inactive host that does not contact the Falcon cloud will be automatically removed from the Host Management and Trash pages after how many days?

Options:

A.

75 Days


B.

60 Days


C.

90 Days


D.

45 Days


Expert Solution
Questions # 18:

A Falcon Administrator is unable to initiate a Real-Time Response (RTR) session. What is the most likely cause?

Options:

A.

The domain controller is preventing the connection


B.

The host has a user logged into it


C.

There is another analyst connected into it


D.

They do not have an RTR role assigned to them


Expert Solution
Questions # 19:

Where can you find the history of the successes and failures for any Fusion SOAR workflows?

Options:

A.

Falcon UI Audit Trail


B.

Custom Alert History


C.

Workflow Audit log


D.

Workflow Execution log


Expert Solution
Questions # 20:

You are assigning sensor group tags during installation. What is the maximum allowed length of all tags?

Options:

A.

237 characters


B.

256 characters


C.

50 characters


D.

100 characters


Expert Solution
Viewing page 2 out of 3 pages
Viewing questions 11-20 out of questions