Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CrowdStrike
  3. CCFA-200

CrowdStrike CCFA-200 Exam (page: 4)
CrowdStrike Certified Falcon Administrator
Updated on: 12-Feb-2026

Viewing Page 4 of 32
CCFA-200 PDF 153 Questions

What is the goal of a Network Containment Policy?

  1. Increase the aggressiveness of the assigned prevention policy
  2. Limit the impact of a compromised host on the network
  3. Gain more visibility into network activities
  4. Partition a network for privacy

Answer(s): B

Explanation:

The goal of a Network Containment Policy is to limit the impact of a compromised host on the network. This policy allows users to isolate a host from the network, while still allowing it to communicate with the Falcon Cloud and other essential services. This can help prevent further damage or data exfiltration from a compromised host. The other options are either incorrect or not related to the policy.


Reference:

[CrowdStrike Falcon User Guide], page 40.



Which of the following applies to Custom Blocking Prevention Policy settings?

  1. Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
  2. Blocklisting applies to hashes, IP addresses, and domains
  3. Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary
  4. You can only blocklist hashes via the API

Answer(s): A

Explanation:

Falcon allows you to upload hashes from your own black or white lists. To enabled this navigate to the Configuration App, Prevention hashes window, and click on "Upload Hashes" in the upper right- hand corner. Note that you can also automate the task of importing hashes with the CrowdStrike Falcon® API.
https://www.crowdstrike.com/blog/tech-center/how-to-prevent-malware-with-custom-blacklisting/



How many "Auto" sensor version update options are available for Windows Sensor Update Policies?

  1. 1
  2. 2
  3. 0
  4. 3

Answer(s): D

Explanation:

There are three "Auto" sensor version update options available for Windows Sensor Update Policies:
Auto - N-1, Auto - TEST-QA and Auto - Latest. These options allow the administrator to automatically update the sensor version to the previous stable version, the latest test version or the latest stable version, respectively.


Reference:

[CrowdStrike Falcon User Guide], page 38.



The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon?

  1. Policy alignment is configured in the "Host Management" section in the Hosts application
  2. Policy alignment is configured only once during the initial creation of the policy in the "Create New Policy" pop-up window
  3. Policy alignment is configured in the General Settings section under the Configuration menu
  4. Policy alignment is configured in each policy in the "Assigned Host Groups" tab

Answer(s): D

Explanation:

The alignment of a particular prevention policy to one or more host groups can be completed in each policy in the "Assigned Host Groups" tab. This tab allows the administrator to select which host groups will use the policy, as well as view the number of hosts and sensors assigned to each group. The other options are either incorrect or not available.


Reference:

[CrowdStrike Falcon User Guide], page 34.



How long are detection events kept in Falcon?

  1. Detection events are kept for 90 days
  2. Detections events are kept for your subscribed data retention period
  3. Detection events are kept for 7 days
  4. Detection events are kept for 30 days

Answer(s): A

Explanation:

" Data is only available in the Falcon UI for investigations, etc. through the company's data retention time frame; detection information is kept for 90 days regardless; UI audits are available for 1 year



Viewing Page 4 of 32



Share your comments for CrowdStrike CCFA-200 exam with other users:

francesco 10/30/2023 11:08:00 AM

helpful on 2017 scrum guide
EUROPEAN UNION


Amitabha Roy 10/5/2023 3:16:00 AM

planning to attempt for the exam.
Anonymous


Prem Yadav 7/29/2023 6:20:00 AM

pleaseee upload
INDIA


Ahmed Hashi 7/6/2023 5:40:00 PM

thanks ly so i have information cia
EUROPEAN UNION


mansi 5/31/2023 7:58:00 AM

hello team, i need sap qm dumps for practice
INDIA


Jamil aljamil 12/4/2023 4:47:00 AM

it’s good but not senatios based
UNITED KINGDOM


Cath 10/10/2023 10:19:00 AM

q.119 - the correct answer is b - they are not captured in an update set as theyre data.
VIET NAM


P 1/6/2024 11:22:00 AM

good matter
Anonymous


surya 7/30/2023 2:02:00 PM

please upload c_sacp_2308
CANADA


Sasuke 7/11/2023 10:30:00 PM

please upload the dump. thanks very much !!
Anonymous


V 7/4/2023 8:57:00 AM

good questions
UNITED STATES


TTB 8/22/2023 5:30:00 AM

hi, could you please update the latest dump version
Anonymous


T 7/28/2023 9:06:00 PM

this question is keep repeat : you are developing a sales application that will contain several azure cloud services and handle different components of a transaction. different cloud services will process customer orders, billing, payment, inventory, and shipping. you need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using xml messages. what should you include in the recommendation?
NEW ZEALAND


Gurgaon 9/28/2023 4:35:00 AM

great questions
UNITED STATES


wasif 10/11/2023 2:22:00 AM

its realy good
UNITED ARAB EMIRATES


Shubhra Rathi 8/26/2023 1:12:00 PM

oracle 1z0-1059-22 dumps
Anonymous


Leo 7/29/2023 8:48:00 AM

please share me the pdf..
INDIA


AbedRabbou Alaqabna 12/18/2023 3:10:00 AM

q50: which two functions can be used by an end user when pivoting an interactive report? the correct answer is a, c because we do not have rank in the function pivoting you can check in the apex app
GREECE


Rohan Limaye 12/30/2023 8:52:00 AM

best to practice
Anonymous


Aparajeeta 10/13/2023 2:42:00 PM

so far it is good
Anonymous


Vgf 7/20/2023 3:59:00 PM

please provide me the dump
Anonymous


Deno 10/25/2023 1:14:00 AM

i failed the cisa exam today. but i have found all the questions that were on the exam to be on this site.
Anonymous


CiscoStudent 11/15/2023 5:29:00 AM

in question 272 the right answer states that an autonomous acces point is "configured and managed by the wlc" but this is not what i have learned in my ccna course. is this a mistake? i understand that lightweight aps are managed by wlc while autonomous work as standalones on the wlan.
Anonymous


pankaj 9/28/2023 4:36:00 AM

it was helpful
Anonymous


User123 10/8/2023 9:59:00 AM

good question
UNITED STATES


vinay 9/4/2023 10:23:00 AM

really nice
Anonymous


Usman 8/28/2023 10:07:00 AM

please i need dumps for isc2 cybersecuity
Anonymous


Q44 7/30/2023 11:50:00 AM

ans is coldline i think
UNITED STATES


Anuj 12/21/2023 1:30:00 PM

very helpful
Anonymous


Giri 9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more
UNITED STATES


Aaron 2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.
SOUTH AFRICA


Sarwar 12/21/2023 4:54:00 PM

how i can see exam questions?
CANADA


Chengchaone 9/11/2023 10:22:00 AM

can you please upload please?
Anonymous


Mouli 9/2/2023 7:02:00 AM

question 75: option c is correct answer
Anonymous