CrowdStrike Certified Falcon Administrator CCFA-200 Exam Questions in PDF

Free CrowdStrike CCFA-200 Dumps Questions (page: 6)

You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes.
Which of the following parameters can be used to override the 20- minute default provisioning window?

  1. ExtendedWindow=1
  2. Timeout=0
  3. ProvNoWait=1
  4. Timeout=30

Answer(s): C

Explanation:

"ProvNoWait=1
The sensor does not abort installation if it can't connect to the CrowdStrike cloud within 20 minutes (10 minutes, in Falcon sensor version 6.21 and earlier). (By default, if the host can't contact our cloud, it will retry the connection for 20 minutes. After that, the host will automatically uninstall its sensor.)"

"ProvWaitTime=3600000
The sensor waits for 1 hour to connect to the CrowdStrike cloud when installing (the default is 20 minutes)."



How can you find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days?

  1. Under Dashboards and reports, choose the Sensor Report. Set the "Last Seen" dropdown to 30 days and reference the Inactive Sensors widget
  2. Under Host setup and management, choose the Host Management page. Set the group filter to "Inactive Sensors"
  3. Under Host setup and management > Managed endpoints > Inactive Sensors. Change the time range to 30 days
  4. Under Host setup and management, choose the Disabled Sensors Report. Change the time range to 30 days

Answer(s): C

Explanation:

The administrator can find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days by going to Host setup and management > Managed endpoints > Inactive Sensors. Then, change the time range to 30 days. This will show the host name, last seen date, sensor version and group name for each inactive host. The other options are either incorrect or not available.


Reference:

[CrowdStrike Falcon User Guide], page 31.



In order to quarantine files on the host, what prevention policy settings must be enabled?

  1. Malware Protection and Custom Execution Blocking must be enabled
  2. Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled
  3. Malware Protection and Windows Anti-Malware Execution Blocking must be enabled
  4. Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled

Answer(s): B

Explanation:

In order to quarantine files on the host, the administrator must enable the Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" in the prevention policy settings. This will allow Falcon to quarantine malicious files and register them with Windows Security Center. The other options are either incorrect or not sufficient to enable quarantine.


Reference:

[CrowdStrike Falcon User Guide], page 36.



Why is it critical to have separate sensor update policies for Windows/Mac/*nix?

  1. There may be special considerations for each OS
  2. To assist with testing and tracking sensor rollouts
  3. The network protocols are different for each host OS
  4. It is an auditing requirement

Answer(s): A

Explanation:

https://www.crowdstrike.com/blog/tech-center/how-to-manage-policies-in-falcon/



How do you assign a policy to a specific group of hosts?

  1. Create a group containing the desired hosts using "Static Assignment." Go to the Assigned Host Groups tab of the desired policy and dick "Add groups to policy." Select the desired Group(s).
  2. Assign a tag to the desired hosts in Host Management. Create a group with an assignment rule based on that tag. Go to the Assignment tab of the desired policy and click "Add Groups to Policy."
    Select the desired Group(s).
  3. Create a group containing the desired hosts using "Dynamic Assignment." Go to the Assigned Host Groups tab of the desired policy and select criteria such as OU, OS, Hostname pattern, etc.
  4. On the Assignment tab of the desired policy, select "Static" assignment. From the next window, select the desired hosts (using fitters if needed) and click Add.

Answer(s): A

Explanation:

The administrator can assign a policy to a specific group of hosts by creating a group containing the desired hosts using "Static Assignment." Then, go to the Assigned Host Groups tab of the desired policy and click "Add groups to policy." Select the desired Group(s). This will apply the policy to the selected group(s) of hosts. The other options are either incorrect or not applicable to static assignment.


Reference:

[CrowdStrike Falcon User Guide], page 33.



Share your comments for CrowdStrike CCFA-200 exam with other users:

D
DC
1/7/2024 10:17:00 AM

great practice! thanks

A
Anonymus
11/9/2023 5:41:00 AM

anyone who wrote this exam recently?

K
Khalid Javid
11/17/2023 3:46:00 PM

kindly share the dump

N
Na
8/9/2023 8:39:00 AM

could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.

S
shime
10/23/2023 10:03:00 AM

this is really very very helpful for mcd level 1

V
Vnu
6/3/2023 2:39:00 AM

very helpful!

S
Steve
8/17/2023 2:19:00 PM

question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod

R
RITEISH
12/24/2023 4:33:00 AM

thanks for the exact solution

S
SB
10/15/2023 7:58:00 AM

need to refer the questions and have to give the exam

M
Mike Derfalem
7/16/2023 7:59:00 PM

i need it right now if it was possible please

I
Isak
7/6/2023 3:21:00 AM

i need it very much please share it in the fastest time.

M
Maria
6/23/2023 11:40:00 AM

correct answer is d for student.java program

N
Nagendra Pedipina
7/12/2023 9:10:00 AM

q:37 c is correct

J
John
9/16/2023 9:37:00 PM

q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???

S
SAM
12/4/2023 12:56:00 AM

explained answers

A
Andy
12/26/2023 9:35:00 PM

plan to take theaws certified developer - associate dva-c02 in the next few weeks

S
siva
5/17/2023 12:32:00 AM

very helpfull

M
mouna
9/27/2023 8:53:00 AM

good questions

B
Bhavya
9/12/2023 7:18:00 AM

help to practice csa exam

M
Malik
9/28/2023 1:09:00 PM

nice tip and well documented

R
rodrigo
6/22/2023 7:55:00 AM

i need the exam

D
Dan
6/29/2023 1:53:00 PM

please upload

A
Ale M
11/22/2023 6:38:00 PM

prepping for fsc exam

A
ahmad hassan
9/6/2023 3:26:00 AM

pd1 with great experience

Ž
Žarko
9/5/2023 3:35:00 AM

@t it seems like azure service bus message quesues could be the best solution

S
Shiji
10/15/2023 1:08:00 PM

helpful to check your understanding.

D
Da Costa
8/27/2023 11:43:00 AM

question 128 the answer should be static not auto

B
bot
7/26/2023 6:45:00 PM

more comments here

K
Kaleemullah
12/31/2023 1:35:00 AM

great support to appear for exams

B
Bsmaind
8/20/2023 9:26:00 AM

useful dumps

B
Blessious Phiri
8/13/2023 8:37:00 AM

making progress

N
Nabla
9/17/2023 10:20:00 AM

q31 answer should be d i think

V
vladputin
7/20/2023 5:00:00 AM

is this real?

N
Nick W
9/29/2023 7:32:00 AM

q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it

AI Tutor 👋 I’m here to help!