Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CrowdStrike
  3. CCFA-200

CrowdStrike CCFA-200 Exam (page: 4)
CrowdStrike Certified Falcon Administrator
Updated on: 25-Dec-2025

Viewing Page 4 of 32
CCFA-200 PDF 153 Questions

What is the goal of a Network Containment Policy?

  1. Increase the aggressiveness of the assigned prevention policy
  2. Limit the impact of a compromised host on the network
  3. Gain more visibility into network activities
  4. Partition a network for privacy

Answer(s): B

Explanation:

The goal of a Network Containment Policy is to limit the impact of a compromised host on the network. This policy allows users to isolate a host from the network, while still allowing it to communicate with the Falcon Cloud and other essential services. This can help prevent further damage or data exfiltration from a compromised host. The other options are either incorrect or not related to the policy.


Reference:

[CrowdStrike Falcon User Guide], page 40.



Which of the following applies to Custom Blocking Prevention Policy settings?

  1. Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
  2. Blocklisting applies to hashes, IP addresses, and domains
  3. Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary
  4. You can only blocklist hashes via the API

Answer(s): A

Explanation:

Falcon allows you to upload hashes from your own black or white lists. To enabled this navigate to the Configuration App, Prevention hashes window, and click on "Upload Hashes" in the upper right- hand corner. Note that you can also automate the task of importing hashes with the CrowdStrike Falcon® API.
https://www.crowdstrike.com/blog/tech-center/how-to-prevent-malware-with-custom-blacklisting/



How many "Auto" sensor version update options are available for Windows Sensor Update Policies?

  1. 1
  2. 2
  3. 0
  4. 3

Answer(s): D

Explanation:

There are three "Auto" sensor version update options available for Windows Sensor Update Policies:
Auto - N-1, Auto - TEST-QA and Auto - Latest. These options allow the administrator to automatically update the sensor version to the previous stable version, the latest test version or the latest stable version, respectively.


Reference:

[CrowdStrike Falcon User Guide], page 38.



The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon?

  1. Policy alignment is configured in the "Host Management" section in the Hosts application
  2. Policy alignment is configured only once during the initial creation of the policy in the "Create New Policy" pop-up window
  3. Policy alignment is configured in the General Settings section under the Configuration menu
  4. Policy alignment is configured in each policy in the "Assigned Host Groups" tab

Answer(s): D

Explanation:

The alignment of a particular prevention policy to one or more host groups can be completed in each policy in the "Assigned Host Groups" tab. This tab allows the administrator to select which host groups will use the policy, as well as view the number of hosts and sensors assigned to each group. The other options are either incorrect or not available.


Reference:

[CrowdStrike Falcon User Guide], page 34.



How long are detection events kept in Falcon?

  1. Detection events are kept for 90 days
  2. Detections events are kept for your subscribed data retention period
  3. Detection events are kept for 7 days
  4. Detection events are kept for 30 days

Answer(s): A

Explanation:

" Data is only available in the Falcon UI for investigations, etc. through the company's data retention time frame; detection information is kept for 90 days regardless; UI audits are available for 1 year



Viewing Page 4 of 32



Share your comments for CrowdStrike CCFA-200 exam with other users:

Deep 6/12/2023 7:22:00 AM

needed dumps
INDIA


tumz 1/16/2024 10:30:00 AM

very helpful
UNITED STATES


NRI 8/27/2023 10:05:00 AM

will post once the exam is finished
UNITED STATES


kent 11/3/2023 10:45:00 AM

relevant questions
Anonymous


Qasim 6/11/2022 9:43:00 AM

just clear exam on 10/06/2202 dumps is valid all questions are came same in dumps only 2 new questions total 46 questions 1 case study with 5 question no lab/simulation in my exam please check the answers best of luck
Anonymous


Cath 10/10/2023 10:09:00 AM

q.112 - correct answer is c - the event registry is a module that provides event definitions. answer a - not correct as it is the definition of event log
VIET NAM


Shiji 10/15/2023 1:31:00 PM

good and useful.
INDIA


Ade 6/25/2023 1:14:00 PM

good questions
Anonymous


Praveen P 11/8/2023 5:18:00 AM

good content
UNITED STATES


Anastasiia 12/28/2023 9:06:00 AM

totally not correct answers. 21. you have one gcp account running in your default region and zone and another account running in a non-default region and zone. you want to start a new compute engine instance in these two google cloud platform accounts using the command line interface. what should you do? correct: create two configurations using gcloud config configurations create [name]. run gcloud config configurations activate [name] to switch between accounts when running the commands to start the compute engine instances.
Anonymous


Priyanka 7/24/2023 2:26:00 AM

kindly upload the dumps
Anonymous


Nabeel 7/25/2023 4:11:00 PM

still learning
Anonymous


gure 7/26/2023 5:10:00 PM

excellent way to learn
UNITED STATES


ciken 8/24/2023 2:55:00 PM

help so much
Anonymous


Biswa 11/20/2023 9:28:00 AM

understand sql col.
Anonymous


Saint Pierre 10/24/2023 6:21:00 AM

i would give 5 stars to this website as i studied for az-800 exam from here. it has all the relevant material available for preparation. i got 890/1000 on the test.
Anonymous


Rose 7/24/2023 2:16:00 PM

this is nice.
Anonymous


anon 10/15/2023 12:21:00 PM

q55- the ridac workflow can be modified using flow designer, correct answer is d not a
UNITED STATES


NanoTek3 6/13/2022 10:44:00 PM

by far this is the most accurate exam dumps i have ever purchased. all questions are in the exam. i saw almost 90% of the questions word by word.
UNITED STATES


eriy 11/9/2023 5:12:00 AM

i cleared the az-104 exam by scoring 930/1000 on the exam. it was all possible due to this platform as it provides premium quality service. thank you!
UNITED STATES


Muhammad Rawish Siddiqui 12/8/2023 8:12:00 PM

question # 232: accessibility, privacy, and innovation are not data quality dimensions.
SAUDI ARABIA


Venkat 12/27/2023 9:04:00 AM

looks wrong answer for 443 question, please check and update
Anonymous


Varun 10/29/2023 9:11:00 PM

great question
Anonymous


Doc 10/29/2023 9:36:00 PM

question: a user wants to start a recruiting posting job posting. what must occur before the posting process can begin? 3 ans: comment- option e is incorrect reason: as part of enablement steps, sap recommends that to be able to post jobs to a job board, a user need to have the correct permission and secondly, be associated with one posting profile at minimum
UNITED KINGDOM


It‘s not A 9/17/2023 5:31:00 PM

answer to question 72 is d [sys_user_role]
Anonymous


indira m 8/14/2023 12:15:00 PM

please provide the pdf
UNITED STATES


ribrahim 8/1/2023 6:05:00 AM

hey guys, just to let you all know that i cleared my 312-38 today within 1 hr with 100 questions and passed. thank you so much brain-dumps.net all the questions that ive studied in this dump came out exactly the same word for word "verbatim". you rock brain-dumps.net!!! section name total score gained score network perimeter protection 16 11 incident response 10 8 enterprise virtual, cloud, and wireless network protection 12 8 application and data protection 13 10 network défense management 10 9 endpoint protection 15 12 incident d
SINGAPORE


Andrew 8/23/2023 6:02:00 PM

very helpful
Anonymous


latha 9/7/2023 8:14:00 AM

useful questions
GERMANY


ibrahim 11/9/2023 7:57:00 AM

page :20 https://exam-dumps.com/snowflake/free-cof-c02-braindumps.html?p=20#collapse_453 q 74: true or false: pipes can be suspended and resumed. true. desc.: pausing or resuming pipes in addition to the pipe owner, a role that has the following minimum permissions can pause or resume the pipe https://docs.snowflake.com/en/user-guide/data-load-snowpipe-intro
FINLAND


Franklin Allagoa 7/5/2023 5:16:00 AM

i want hcia exam dumps
Anonymous


SSA 12/24/2023 1:18:00 PM

good training
Anonymous


BK 8/11/2023 12:23:00 PM

very useful
INDIA


Deepika Narayanan 7/13/2023 11:05:00 PM

yes need this exam dumps
Anonymous