All Obstacles During CCFA-200 Exam Preparation with CCFA-200 Real Test Questions [Q45-Q60]

Rate this post

All Obstacles During CCFA-200 Exam Preparation with CCFA-200 Real Test Questions

Fully Updated Free Actual CrowdStrike CCFA-200 Exam Questions

NO.45 Which is the correct order for manually installing a Falcon Package on a macOS system?

Install the Falcon package, then register the Falcon Sensor via the registration package

Install the Falcon package, then register the Falcon Sensor via command line

NO.46 You are beginning the rollout of the Falcon Sensor for the first time side-by-side with your existing security solution. You need to configure the Machine Learning levels of the Prevention Policy so it does not interfere with existing solutions during the testing phase. What settings do you choose?

Detection slider: Extra Aggressive
Prevention slider: Cautious

Detection slider: Moderate
Prevention slider: Disabled

Detection slider: Cautious
Prevention slider: Cautious

Detection slider: Disabled
Prevention slider: Disabled

NO.47 Which is a filter within the Host setup and management > Host management page?

User name

BIOS Version

Locality

NO.48 In order to quarantine files on the host, what prevention policy settings must be enabled?

Malware Protection and Custom Execution Blocking must be enabled

Next-Gen Antivirus Prevention sliders and “Quarantine & Security Center Registration” must be enabled

Malware Protection and Windows Anti-Malware Execution Blocking must be enabled

Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled

NO.49 Which of the following roles allows a Falcon user to create Real Time Response Custom Scripts?

Real Time Responder – Administrator

Real Time Responder – Read Only Analyst

Real Time Responder – Script Developer

Real Time Responder – Active Responder

NO.50 How can a Falcon Administrator configure a pop-up message to be displayed on a host when the Falcon sensor blocks, kills or quarantines an activity?

By ensuring each user has set the “pop-ups allowed” in their User Profile configuration page

By enabling “Upload quarantined files” in the General Settings configuration page

By turning on the “Notify End Users” setting at the top of the Prevention policy details configuration page

By selecting “Enable pop-up messages” from the User configuration page

NO.51 Which exclusion pattern will prevent detections on a file at C:Program FilesMy ProgramMy Filesprogram.exe?

Program FilesMy ProgramMy Files*

Program FilesMy Program*

*Program FilesMy Program*

NO.52 Which of the following is TRUE of the Logon Activities Report?

Shows a graphical view of user logon activity and the hosts the user connected to

The report can be filtered by computer name

It gives a detailed list of all logon activity for users

It only gives a summary of the last logon activity for users

NO.53 Where can you modify settings to permit certain traffic during a containment period?

Prevention Policy

Host Settings

Containment Policy

Firewall Settings

NO.54 When creating an API client, which of the following must be saved immediately since it cannot be viewed again after the client is created?

Base URL

Secret

Client ID

Client name

NO.55 On a Windows host, what is the best command to determine if the sensor is currently running?

sc query csagent

netstat -a

This cannot be accomplished with a command

ping falcon.crowdstrike.com

NO.56 What information is provided in Logan Activities under Visibility Reports?

A list of all logons for all users

A list of last endpoints that a user logged in to

A list of users who are remotely logged on to devices based on local IP and local port

A list of unique users who are remotely logged on to devices based on the country

NO.57 While a host is Network contained, you need to allow the host to access internal network resources on specific IP addresses to perform patching and remediation. Which configuration would you choose?

Configure a Real Time Response policy allowlist with the specific IP addresses

Configure a Containment Policy with the specific IP addresses

Configure a Containment Policy with the entire internal IP CIDR block

Configure the Host firewall to allowlist the specific IP addresses

NO.58 To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead

Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only

Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block

Using IOC management, import the list of hashes and IP addresses and set the action to No Action

NO.59 Once an exclusion is saved, what can be edited in the future?

All parts of the exclusion can be changed

Only the selected groups and hosts to which the exclusion is applied can be changed

Only the options to “Detect/Block” and/or “File Extraction” can be changed

The exclusion pattern cannot be changed

NO.60 Which of the following can a Falcon Administrator edit in an existing user’s profile?

First or Last name

Phone number

Email address

Working groups

Loading …

Validate your CCFA-200 Exam Preparation with CCFA-200 Practice Test: https://www.real4dumps.com/CCFA-200_examcollection.html

All Obstacles During CCFA-200 Exam Preparation with CCFA-200 Real Test Questions [Q45-Q60]

Leave a Reply Cancel reply

Related Posts

[Q86-Q107] CCFA-200 Free Update With 100% Exam Passing Guarantee [2024]