Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Pass the CrowdStrike CrowdStrike Falcon Certification Program CCFA-200b Questions and answers with CertsForce

Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions
Questions # 21:

When would the No Action option be assigned to a hash in IOC Management?

Options:

A.

When you want to save the indicator for later action, but do not want to block or allow it at this time


B.

There is no such option as No Action available in the Falcon console


C.

When you want to add the indicator to your allowlist, but not detect it


D.

When you want to add the indicator to your blocklist and show it as a detection


Expert Solution
Questions # 22:

In order to prevent duplicate Agent IDs, what install parameter should be used on VMs to be used as persistent clones?

Options:

A.

ProvNoWait=1


B.

VDI=true


C.

NO_START=1


D.

VM=True


Expert Solution
Questions # 23:

Your leadership wants controls in place for immediate action on any OverWatch detections. What should you do to ensure the host is contained quickly and notifies the appropriate staff?

Options:

A.

Create a Fusion SOAR workflow using the OverWatch playbook to contain the host and email the SOC team


B.

Create a Fusion SOAR workflow to contain the host and email the OverWatch team


C.

Create a Fusion SOAR workflow to trigger on an OverWatch detection and set it to block the detection


D.

Create a Fusion SOAR workflow to create a detection for OverWatch and email the SOC team


Expert Solution
Questions # 24:

Where would you apply a configuration to allow IP addresses over which your hosts will always be allowed to communicate, even if a host is contained?

Options:

A.

IP Allowlist Management


B.

Containment Policy


C.

Response Policies


D.

Maintenance Token


Expert Solution
Questions # 25:

What information can be found in the Real Time Response (RTR) Audit Log?

Options:

A.

IP Address, Prevention Policy, recent detections, and host group assignment


B.

Session end time, command return results, and file activity


C.

Session start time, duration, user, hostname, commands used, and retrieved files


D.

Real Time Response (RTR) information is not collected via audit logs


Expert Solution
Questions # 26:

After enabling an IOA rule and its respective rule group, what else must be done for an IOA to be fully functional?

Options:

A.

The rule must be manually triggered


B.

Hosts must be individually selected to apply to the rule


C.

The rule group must be assigned to a prevention policy


Expert Solution
Questions # 27:

How are prevention policies assigned to hosts in the Falcon platform?

Options:

A.

Through host group membership


B.

Through direct host assignment


C.

Through IP address ranges


D.

Through manual configuration


Expert Solution
Questions # 28:

When configuring a third-party integration to communicate with the Falcon API, which credential combination must be generated first?

Options:

A.

Access Key and Secret Key


B.

Integration Key and Customer ID


C.

API Client and Secret Key


D.

OAuth2 Token and Client Secret


Expert Solution
Questions # 29:

What log would you use to investigate unusual activity invoked with a script interfacing with the Falcon platform?

Options:

A.

Falcon UI audit


B.

RTR session audit


C.

Prevention policy debug


D.

API audit


Expert Solution
Questions # 30:

Which setting inside the Sensor Update Policy prevents unauthorized uninstallation?

Options:

A.

Installation and Maintenance Protection


B.

Sensor Version Control Protection


C.

Uninstall and Maintenance Protection


D.

Update and Management Protection


Expert Solution
Viewing page 3 out of 3 pages
Viewing questions 21-30 out of questions