CrowdStrike CCFA-200 Real Exam Questions
The questions for CCFA-200 were last updated at Dec 23,2024.
- Exam Code: CCFA-200
- Exam Name: CrowdStrike Certified Falcon Administrator
- Certification Provider: CrowdStrike
- Latest update: Dec 23,2024
Question #11
How are user permissions set in Falcon?
- A . Permissions are assigned to a User Group and then users are assigned to that group, thereby inheriting those permissions
- B . Pre-defined permissions are assigned to sets called roles. Users can be assigned multiple roles based on job function and they assume a cumulative set of permissions based on those assignments
- C . An administrator selects individual granular permissions from the Falcon Permissions List during user creation
- D . Permissions are token-based. Users request access to a defined set of permissions and an administrator adds their token to the set of permissions
Correct Answer: B
Question #12
Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?
- A . Next-Gen Antivirus (NGAV) protection
- B . Adware and Potentially Unwanted Program detection and prevention
- C . Real-time offline protection
- D . Identification and analysis of unknown executables
Correct Answer: D
Question #13
Which of the following applies to Custom Blocking Prevention Policy settings?
- A . Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
- B . Blocklisting applies to hashes, IP addresses, and domains
- C . Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary
- D . You can only blocklist hashes via the API
Correct Answer: A
Question #14
What is the purpose of using groups with Sensor Update policies in CrowdStrike Falcon?
- A . To group hosts with others in the same business unit
- B . To group hosts according to the order in which Falcon was installed, so that updates are installed in the same order every time
- C . To prioritize the order in which Falcon updates are installed, so that updates are not installed all at once leading to network congestion
- D . To allow the controlled assignment of sensor versions onto specific hosts
Correct Answer: D
Question #15
Which is the correct order for manually installing a Falcon Package on a macOS system?
- A . Install the Falcon package, then register the Falcon Sensor via the registration package
- B . Install the Falcon package, then register the Falcon Sensor via command line
- C . Register the Falcon Sensor via command line, then install the Falcon package
- D . Register the Falcon Sensor via the registration package, then install the Falcon package
Correct Answer: B
Question #16
Which of the following is TRUE of the Logon Activities Report?
- A . Shows a graphical view of user logon activity and the hosts the user connected to
- B . The report can be filtered by computer name
- C . It gives a detailed list of all logon activity for users
- D . It only gives a summary of the last logon activity for users
Correct Answer: D
Question #17
An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?
- A . File exclusions are not aligned to groups or hosts
- B . There is a limit of three groups of hosts applied to any exclusion
- C . There is no limit and exclusions can be applied to any or all groups
- D . Each exclusion can be aligned to only one group of hosts
Correct Answer: C