Free CCFA-200 Exam Braindumps

Where can you modify settings to permit certain traffic during a containment period?

  A. Prevention Policy
  B. Host Settings
  C. Containment Policy
  D. Firewall Settings

Answer(s): C

Explanation:

The administrator can modify settings to permit certain traffic during a containment period by creating or editing a Containment Policy. This policy allows users to specify which ports, protocols and IP addresses are allowed or blocked during network containment. The other options are either incorrect or not related to network containment.


Reference:

CrowdStrike Falcon User Guide, page 40.



Which option allows you to exclude behavioral detections from the detections page?

  A. Machine Learning Exclusion
  B. IOA Exclusion
  C. IOC Exclusion
  D. Sensor Visibility Exclusion

Answer(s): B

Explanation:

The IOA Exclusion option is described as: "Stop all behavioral detections and preventions for an IOA that's based on a CrowdStrike-generated detection." Source:
https://falcon.crowdstrike.com/documentation/68/detection-and-prevention-policies#exclusions



What are custom alerts based on?

  A. Custom workflows
  B. Custom event based triggers
  C. Predefined alert templates
  D. User defined Splunk queries

Answer(s): C

Explanation:

Scheduling a Custom Alert for your environment consists of three steps: choosing the template you'd like to configure, previewing the search results, then scheduling the alert. Use Custom Alerts to configure email alerts using predefined templates so you're notified about specific activity in your environment.
When an alert runs and finds results, it sends an email to specified recipients instead of generating a new detection. Custom Alerts let you set up email alerts based on predefined templates that cover a wide range of topics including Real Time Response session initiation, host containment, OS security settings, and more that are not yet covered by notification workflows.



When creating an API client, which of the following must be saved immediately since it cannot be viewed again after the client is created?

  A. Base URL
  B. Secret
  C. Client ID
  D. Client name

Answer(s): B

Explanation:

When creating an API client, the secret must be saved immediately since it cannot be viewed again after the client is created. The secret is a randomly generated string that is used to authenticate the API client along with the client ID. The other options are either incorrect or can be viewed or modified later.


Reference:

CrowdStrike Falcon User Guide, page 54.





