Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. CrowdStrike
  3. CCFA-200

CrowdStrike CCFA-200 Exam (page: 2)
CrowdStrike Certified Falcon Administrator
Updated on: 31-Mar-2026

Viewing Page 2 of 32
CCFA-200 PDF 153 Questions

What must an admin do to reset a user's password?

  1. From User Management, open the account details for the affected user and select "Generate New Password"
  2. From User Management, select "Reset Password" from the three dot menu for the affected user account
  3. From User Management, select "Update Account" and manually create a new password for the affected user account
  4. From User Management, the administrator must rebuild the account as the certificate for user specific private/public key generation is no longer valid

Answer(s): B

Explanation:

The administrator can reset a user's password by selecting "Reset Password" from the three dot menu for the affected user account in the User Management page. This will generate a new password and send it to the user's email address. The other options are either incorrect or not available.


Reference:

CrowdStrike Falcon User Guide, page 25.



Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group.
What is the next step to disable RTR only on these hosts?

  1. Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
  2. Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"
  3. Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
  4. Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"

Answer(s): C

Explanation:

The administrator can create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group that contains the servers that are not allowed to be accessed remotely. This will disable RTR only on those hosts, while keeping it enabled for the rest of the hosts. Editing the Default Response Policy or adding exceptions will not achieve the desired result.


Reference:

CrowdStrike Falcon User Guide, page 35.



When creating new IOCs in IOC management, which of the following fields must be configured?

  1. Hash, Description, Filename
  2. Hash, Action and Expiry Date
  3. Filename, Severity and Expiry Date
  4. Hash, Platform and Action

Answer(s): D

Explanation:

When creating new IOCs in IOC management, the administrator must configure the Hash, Platform and Action fields. The Hash field is the value of the IOC, such as MD5, SHA1 or SHA256. The Platform field is the operating system that the IOC applies to, such as Windows, Linux or Mac. The Action field is the action that Falcon will take when detecting the IOC, such as Detect, Block or Allow. The other fields are either optional or not available.


Reference:

CrowdStrike Falcon User Guide, page 44



Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host.
What is the most appropriate role that can be added to fullfil this requirement?

  1. Remediation Manager
  2. Real Time Responder ­ Read Only Analyst
  3. Falcon Analyst ­ Read Only
  4. Real Time Responder ­ Active Responder

Answer(s): B

Explanation:

The Real Time Responder - Read Only Analyst only allows to run the commands "cat,cd,clear,env,eventlog,filehash,getsid,help,history,ipconfig,ls,mount,netstat,ps,reg" the role do not have permission to get files so it is the most aproximated profile for the requested capabilities.



One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?

  1. USB Device Policy
  2. Firewall Rule Group
  3. Containment Policy
  4. Machine Learning Exclusions

Answer(s): D

Explanation:

Continment Policy, is a allowlist of IPs and CIDR networks allowed in the moment of a host containtment. The Machine Learning Exclusions are the way to avoid the detections done it by Machine Learning based on files, so it is possible to exclude the detections for the requested folder with a GLOB expression.



Viewing Page 2 of 32



Share your comments for CrowdStrike CCFA-200 exam with other users:

Thembelani 5/30/2023 2:40:00 AM

does this exam have lab sections?
Anonymous


Shin 9/8/2023 5:31:00 AM

please upload
PHILIPPINES


priti kagwade 7/22/2023 5:17:00 AM

please upload the braindump for .net
UNITED STATES


Robe 9/27/2023 8:15:00 PM

i need this exam 1z0-1107-2. please.
Anonymous


Chiranthaka 9/20/2023 11:22:00 AM

very useful!
Anonymous


Not Miguel 11/26/2023 9:43:00 PM

for this question - "which three type of basic patient or member information is displayed on the patient info component? (choose three.)", list of conditions is not displayed (it is displayed in patient card, not patient info). so should be thumbnail of chatter photo
Anonymous


Andrus 12/17/2023 12:09:00 PM

q52 should be d. vm storage controller bandwidth represents the amount of data (in terms of bandwidth) that a vms storage controller is using to read and write data to the storage fabric.
Anonymous


Raj 5/25/2023 8:43:00 AM

nice questions
UNITED STATES


max 12/22/2023 3:45:00 PM

very useful
Anonymous


Muhammad Rawish Siddiqui 12/8/2023 6:12:00 PM

question # 208: failure logs is not an example of operational metadata.
SAUDI ARABIA


Sachin Bedi 1/5/2024 4:47:00 AM

good questions
Anonymous


Kenneth 12/8/2023 7:34:00 AM

thank you for the test materials!
KOREA REPUBLIC OF


Harjinder Singh 8/9/2023 4:16:00 AM

its very helpful
HONG KONG


SD 7/13/2023 12:56:00 AM

good questions
UNITED STATES


kanjoe 7/2/2023 11:40:00 AM

good questons
UNITED STATES


Mahmoud 7/6/2023 4:24:00 AM

i need the dumb of the hcip security v4.0 exam
EGYPT


Wei 8/3/2023 4:18:00 AM

upload the dump please
HONG KONG


Stephen 10/3/2023 6:24:00 PM

yes, iam looking this
AUSTRALIA


Stephen 8/4/2023 9:08:00 PM

please upload cima e2 managing performance dumps
Anonymous


hp 6/16/2023 12:44:00 AM

wonderful questions
Anonymous


Priyo 11/14/2023 2:23:00 AM

i used this site since 2000, still great to support my career
INDONESIA


Jude 8/29/2023 1:56:00 PM

why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.
UNITED STATES


Marc blue 9/15/2023 4:11:00 AM

great job. hope this helps out.
UNITED STATES


Anne 9/13/2023 2:33:00 AM

upload please. many thanks!
Anonymous


pepe el toro 9/12/2023 7:55:00 PM

this is so interesting
Anonymous


Antony 11/28/2023 12:13:00 AM

great material thanks
AUSTRALIA


Thembelani 5/30/2023 2:22:00 AM

anyone who wrote this exam recently
Anonymous


P 9/16/2023 1:27:00 AM

ok they re good
Anonymous


Jorn 7/13/2023 5:05:00 AM

relevant questions
UNITED KINGDOM


AM 6/20/2023 7:54:00 PM

please post
UNITED STATES


Nagendra Pedipina 7/13/2023 2:22:00 AM

q:42 there has to be a image in the question to choose what does it mean from the options
INDIA


BrainDumpee 11/18/2023 1:36:00 PM

looking for cphq dumps, where can i find these for free? please and thank you.
UNITED STATES


sheik 10/14/2023 11:37:00 AM

@aarun , thanks for the information. it would be great help if you share your email
Anonymous


Random user 12/11/2023 1:34:00 AM

1z0-1078-23 need this dumps
Anonymous