CCFA-200 Exam Questions & Answers

Exam Code: CCFA-200

Exam Name: CrowdStrike Certified Falcon Administrator

Updated: Apr 30, 2024

Q&As: 96

At Passcerty.com, we pride ourselves on the comprehensive nature of our CCFA-200 exam dumps, designed meticulously to encompass all key topics and nuances you might encounter during the real examination. Regular updates are a cornerstone of our service, ensuring that our dedicated users always have their hands on the most recent and relevant Q&A dumps. Behind every meticulously curated question and answer lies the hard work of our seasoned team of experts, who bring years of experience and knowledge into crafting these premium materials. And while we are invested in offering top-notch content, we also believe in empowering our community. As a token of our commitment to your success, we're delighted to offer a substantial portion of our resources for free practice. We invite you to make the most of the following content, and wish you every success in your endeavors.


Free CrowdStrike CCFA-200 Dumps

Practice These Free Questions and Answers to Pass the CrowdStrike Falcon Certification Program Exam

Question 1

How long are detection events kept in Falcon?

A. Detection events are kept for 90 days

B. Detection events are kept for your subscribed data retention period

C. Detection events are kept for 7 days

D. Detection events are kept for 30 days

Question 2

What can the Quarantine Manager role do?

A. Manage and change prevention settings

B. Manage quarantined files to release and download

C. Manage detection settings

D. Manage roles and users

Question 3

Which of the following is NOT a way to determine the sensor version installed on a specific endpoint?

A. Use the Sensor Report to filter to the specific endpoint

B. Use Host Management to select the desired endpoint. The agent version will be listed in the columns and details

C. From a command line, run the sc query csagent -version command

D. Use the Investigate > Host Search to filter to the specific endpoint

Question 4

The Logon Activities Report includes all of the following information for a particular user EXCEPT __________.

A. the account type for the user (e.g. Domain Administrator, Local User)

B. all hosts the user logged into

C. the logon type (e.g. interactive, service)

D. the last time the user's password was set

Question 5

To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help achieve this objective?

A. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead

B. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only

C. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

D. Using IOC management, import the list of hashes and IP addresses and set the action to No Action
