
Latest Success Metrics For Actual CCFA-200b Exam (Updated 255 Questions)
Genuine CCFA-200b Exam Dumps Free Demo Valid QA's
NEW QUESTION # 117
Which of the following applies to Custom Blocking Prevention Policy settings?
- A. You can only blocklist hashes via the API
- B. Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
- C. Blocklisting applies to hashes, IP addresses, and domains
- D. Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary
Answer: B
Explanation:
Falcon allows you to upload hashes from your own black or white lists. To enabled this navigate to the Configuration App, Prevention hashes window, and click on "Upload Hashes" in the upper right-hand corner. Note that you can also automate the task of importing hashes with the CrowdStrike Falcon?API.
NEW QUESTION # 118
By default, how many days without successful communication must pass before a host no longer appears in the Falcon console?
- A. 0
- B. The exact number of days is set by your data retention period
- C. 1
- D. 2
Answer: A
NEW QUESTION # 119
What is the function of a single asterisk (*) in an ML exclusion pattern?
- A. The single asterisk is the insertion point for the variable list that follows the path
- B. The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path
- C. The single asterisk is only used to start an expression, and it represents the drive letter
- D. The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path
Answer: B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/machine-learning The asterisk is a wildcard character that can be used in exclusion patterns to match any number of characters. However, it does not match separator characters, such as \ or /, which are used to separate portions of a file path. For example, the pattern C:\Windows\*\*.exe will match any executable file in any subfolder of the Windows folder, but not in the Windows folder itself.
NEW QUESTION # 120
In order to quarantine files on the host, what prevention policy settings must be enabled?
- A. Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled
- B. Malware Protection and Windows Anti-Malware Execution Blocking must be enabled
- C. Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled
- D. Malware Protection and Custom Execution Blocking must be enabled
Answer: C
Explanation:
In order to quarantine files on the host, the administrator must enable the Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" in the prevention policy settings. This will allow Falcon to quarantine malicious files and register them with Windows Security Center. The other options are either incorrect or not sufficient to enable quarantine.
NEW QUESTION # 121
What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform?
- A. Event trigger(s)
- B. Predefined workflow template(s)
- C. Trigger, condition(s) and action(s)
- D. For - While statement(s)
Answer: C
Explanation:
The model that is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform is trigger, condition(s) and action(s). This model allows you to specify what event will trigger the workflow, what condition(s) must be met for the workflow to execute, and what action(s) will be performed by the workflow.
The other options are either incorrect or not related to creating workflows.
NEW QUESTION # 122
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?
- A. Firewall Rule Group
- B. Machine Learning Exclusions
- C. USB Device Policy
- D. Containment Policy
Answer: B
Explanation:
Continment Policy, is a allowlist of IPs and CIDR networks allowed in the moment of a host containtment. The Machine Learning Exclusions are the way to avoid the detections done it by Machine Learning based on files, so it is possible to exclude the detections for the requested folder with a GLOB expression.
NEW QUESTION # 123
You need to export a list of all deletions for a specific Host Name in the last 24 hours. What is the best way to do this?
- A. Go to Host Management in the Host page. Select the host and use the Export Detections button
- B. Utilize the Detection Activity Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detections by Host" section
- C. In the Investigate module, access the Detection Activity page. Use the filters to focus on the appropriate hostname and time, then export the results
- D. Utilize the Detection Resolution Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detection Resolution History" section
Answer: C
Explanation:
The best way to export a list of all deletions for a specific Host Name in the last 24 hours is to go to the Investigate module, access the Detection Activity page, use the filters to focus on the appropriate hostname and time, then export the results. This will allow you to download a CSV file that contains information about all the detections that were deleted for that host in that time period. The other options are either incorrect or not related to exporting deletions.
NEW QUESTION # 124
You are tasked with creating a group for hosts running Windows 10.
What kind of group should you create to make sure all applicable hosts are included in your environment?
- A. Create a static group with the assignment rule criteria set to OS Type Workstation
- B. Create a static group with the assignment rule criteria for OS Version set to Windows 10
- C. Create a dynamic group with the assignment rule criteria for OS Version set to Windows 10
- D. Create a dynamic group with the assignment rule criteria set to OS Type Workstation
Answer: C
NEW QUESTION # 125
Which statement best describes user permissions in Falcon?
- A. Custom user role permission sets can be shared with all Crowdstrike customers globally
- B. User permissions can be defined by default or custom roles as needed
- C. Users can only have predefined default roles assigned to them before using a custom role
- D. Each Falcon permission needs to be selected when the user account is created
Answer: B
NEW QUESTION # 126
Which of the following policies allowlist network traffic even while a host is Network Contained?
- A. IP Allowlist Policy
- B. Firewall Policy
- C. Response Policy
- D. Containment Policy
Answer: A
NEW QUESTION # 127
You need to be aware of which policies are the most used as new hosts are being added to your CID.
Where could you easily find a review of the top ten sensor update, prevention, and device control policies?
- A. Managed Assets dashboard
- B. Executive Summary
- C. Sensor Subscription licenses
- D. Sensor Policy Daily report
Answer: D
NEW QUESTION # 128
What default roles can view, create, and edit workflows?
- A. Falcon Administrator, Falcon Security Lead, Workflow Author
- B. Falcon Administrator, Falcon Security Lead
- C. Falcon Administrator, Workflow Author
- D. Falcon Administrator, Workflow Author, Falcon Security Lead, Falcon Investigator
Answer: A
NEW QUESTION # 129
What is the primary purpose of using glob syntax in an exclusion?
- A. To specify a Domain be excluded from detections
- B. To specify a network share be excluded from detections
- C. To specify exclusion patterns to easily exclude files and folders and extensions from detections
- D. To specify exclusion patterns to easily add files and folders and extensions to be prevented
Answer: C
Explanation:
Glob syntax is used to specify exclusion patterns to easily exclude files and folders and extensions from detections. Glob syntax allows you to use wildcards (*) and ranges ([a-z]) to match multiple characters or values in a file path or name. For example, you can use glob syntax to exclude all files with .exe extension in a folder by using C:\Folder*.exe as an exclusion pattern2.
NEW QUESTION # 130
Which of the following Machine Learning (ML) sliders will only detect or prevent high confidence malicious items?
- A. Moderate
- B. Aggressive
- C. Cautious
- D. Minimal
Answer: C
Explanation:
The Machine Learning (ML) slider that will only detect or prevent high confidence malicious items is Cautious. The ML slider allows you to adjust the level of sensitivity and aggressiveness of the Falcon sensor's ML engine, which uses artificial intelligence to identify and stop unknown threats.
The Cautious setting will enable the sensor to detect and prevent only high-confidence malicious events, while allowing low-confidence events to run without interference. This setting will also generate less noise and false positives than higher settings, such as Moderate or Extra Aggressive.
NEW QUESTION # 131
Your organization wants to monitor the use of remote access software that is currently authorized. The executable is called remote.exe.
How would you trigger a detection for review of any process named remote.exe?
- A. Assign an aggressive detection level machine-learning prevention policy to the applicable hosts
- B. Write a scheduled search looking for ProcessRollup2 events for remote.exe
- C. Write an IOA rule to monitor process creation of .*\\remote\.exe
- D. Create an exclusion for remote.exe and set a workflow to email you every time the exclusion is used
Answer: C
NEW QUESTION # 132
The Logon Activities Report includes all of the following information for a particular user EXCEPT
__________.
- A. the last time the user's password was set
- B. the logon type (e.g. interactive, service)
- C. the account type for the user (e.g. Domain Administrator, Local User)
- D. all hosts the user logged into
Answer: D
Explanation:
Checked in console, it returns only the last machine where the user logged on, so it will not return all the machines that the user was logged on in the desired search.
NEW QUESTION # 133
Which of the following uses Regex to create a detection or take a preventative action?
- A. Custom IOC
- B. Custom IOA
- C. Sensor Visibility Exclusion
- D. Machine Learning Exclusion
Answer: B
Explanation:
The option that uses regex to create a detection or take a preventative action is Custom IOA. A Custom IOA (indicator of attack) allows you to define custom rules for detecting or preventing suspicious behavior based on process execution, file write, network connection, or registry events. You can use regex syntax to create a Custom IOA rule that matches the event data that you want to monitor or block.
NEW QUESTION # 134
You want to create a detection-only policy. How do you set this up in your policy's settings?
- A. You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect.
- B. Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.
- C. Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender.
- D. Select the "Detect-Only" template. Disable hash blocking and exclusions.
Answer: B
Explanation:
The administrator can create a detection-only policy by setting the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled in the policy's settings. This will allow Falcon to detect but not prevent threats on the hosts using this policy. Do not activate any of the other blocking or malware prevention options, as they will enable prevention actions. The other options are either incorrect or not related to creating a detection- only policy.
NEW QUESTION # 135
Assume the Falcon Sensor was installed on a Virtual Machine template using the installation parameter NO_START=1. Afterward, the Virtual Machine template is rebooted. What is the effect on the Falcon Sensor after reboot?
- A. The Falcon Sensor would start at reboot and generate an Agent ID.
- B. The Falcon Sensor would disable BIOS checks at startup
- C. The Falcon Sensor would not automatically start on reboot. It would have to be manually started
- D. The Falcon Sensor would start, but only send a heartbeat to the Falcon console
Answer: C
NEW QUESTION # 136
What best describes the relationship between Sensor Update policies and Operating Systems?
- A. A Sensor Update policy must be configured for each Operating System (Windows, Mac, Linux)
- B. Windows has its own Sensor Update polices. But Mac and Linux share Sensor Update policies
- C. Windows and Mac share Sensor Update policies. Linux requires its own set of polices based on the different kernel versions
- D. Sensor Update polices are not Operating System specific. One policy can be applied to all Operating Systems
Answer: A
Explanation:
The option that describes the relationship between Sensor Update policies and Operating Systems is that a Sensor Update policy must be configured for each Operating System (Windows, Mac, Linux). This option is essentially a repetition of question 141 and its answer.
Sensor Update policies are specific to each operating system type, as different operating systems have different sensor versions, features, and requirements. Therefore, you need to create and assign separate Sensor Update policies for each operating system type in your environment.
NEW QUESTION # 137
......
CCFA-200b Practice Test Give You First Time Success with 100% Money Back Guarantee!: https://www.vceprep.com/CCFA-200b-latest-vce-prep.html
Printable & Easy to Use CrowdStrike Certified Falcon Administrator CCFA-200b Dumps 100% Same Q&A In Your Real Exam: https://drive.google.com/open?id=1vMthkh-jstOSfGsrdZDB8CIl9W9QJjva