Free CCFA-200 Exam Braindumps (page: 14)

Page 14 of 39

How do you assign a Prevention policy to one or more hosts?

  A. Create a new policy and assign it directly to those hosts on the Host Management page
  B. Modify the users' roles on the User Management page
  C. Ensure the hosts are in a group and assign that group to a custom Prevention policy
  D. Create a new policy and assign it directly to those hosts on the Prevention policy page

Answer(s): C

Explanation:

The administrator can assign a Prevention policy to one or more hosts by ensuring the hosts are in a group and assigning that group to a custom Prevention policy. This allows users to apply different prevention settings and options to different groups of hosts based on their needs and preferences. The other options are either incorrect or not applicable to assigning a Prevention policy.


Reference:

CrowdStrike Falcon User Guide, page 34.



You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they are not allowed to run in your environment. You have chosen to use Falcon to do this.
Which is the best way to accomplish this?

  A. Using the Support Portal, create a support ticket and include the list of binary hashes, asking support to create an "Execution Prevention" rule to prevent these processes from running
  B. Using Custom Alerts in the Investigate App, create a new alert using the template "Process Execution" and within that rule, select the option to "Block Execution"
  C. Using IOC Management, gather the list of SHA256 or MD5 hashes for each binary and then upload them. Set all hashes to "Block" and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking.
  D. Using the API, gather the list of SHA256 or MD5 hashes for each binary and then upload them, setting them all to "Never Allow"

Answer(s): C

Explanation:

The best way to keep these 100 hashes, which are not malicious but which your company has deemed inappropriate for work computers, from running in your environment is to use IOC Management: gather the SHA256 or MD5 hash for each binary and upload them, set all hashes to "Block", and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking. Falcon will then block the execution of these hashes on the hosts using this policy. The other options are either incorrect or not efficient to achieve this goal.


Reference:

CrowdStrike Falcon User Guide, page 44.



Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?

  A. \Program Files\My Program\My Files\*
  B. \Program Files\My Program\*
  C. *\*
  D. *\Program Files\My Program\*\

Answer(s): A

Explanation:

The exclusion pattern that will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe is \Program Files\My Program\My Files\*. This pattern will match any file under the My Files folder, including program.exe, and exclude them from detections. The other patterns are either incorrect or too broad to prevent detections on this specific file.


Reference:

CrowdStrike Falcon User Guide, page 37.



When a host is placed in Network Containment, which of the following is TRUE?

  A. The host machine is unable to send or receive network traffic outside of the local network
  B. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and traffic allowed in the Firewall Policy
  C. The host machine is unable to send or receive any network traffic
  D. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and any resources allowlisted in the Containment Policy

Answer(s): D

Explanation:

When a host is placed in Network Containment, the host machine is unable to send or receive network traffic except to/from the Falcon Cloud and any resources allowlisted in the Containment Policy. This allows users to isolate a host from the network, while still allowing it to communicate with the Falcon Cloud and other essential services. The other options are either incorrect or not true of Network Containment.


Reference:

CrowdStrike Falcon User Guide, page 40.





