Free CCFA-200 Exam Braindumps (page: 11)

You notice there are multiple Windows hosts in Reduced Functionality Mode (RFM).
What is the most likely culprit causing these hosts to be in RFM?

  1. A Sensor Update Policy was misconfigured
  2. A host was offline for more than 24 hours
  3. A patch was pushed overnight to all Windows systems
  4. A host was placed in network containment from a detection

Answer(s): C

Explanation:

The most likely culprit causing multiple Windows hosts to be in Reduced Functionality Mode (RFM) is a patch that was pushed overnight to all Windows systems. RFM occurs when the sensor detects a change in the operating system that requires a reboot to complete. A patch is one of the common causes of such a change. The other options are either incorrect or not related to RFM.


Reference:

CrowdStrike Falcon User Guide, page 30.



Which of the following is TRUE of the Logon Activities Report?

  1. Shows a graphical view of user logon activity and the hosts the user connected to
  2. The report can be filtered by computer name
  3. It gives a detailed list of all logon activity for users
  4. It only gives a summary of the last logon activity for users

Answer(s): D

Explanation:

The Logon Activities Report shows a graphical view of user logon activity and the hosts the user connected to, but it only gives a summary of the last logon activity for users. It does not give a detailed list of all logon activity for users, nor can it be filtered by computer name. The other options are either incorrect or not true of the report.


Reference:

CrowdStrike Falcon User Guide, page 50.



Which of the following roles allows a Falcon user to create Real Time Response Custom Scripts?

  1. Real Time Responder - Administrator
  2. Real Time Responder - Read Only Analyst
  3. Real Time Responder - Script Developer
  4. Real Time Responder - Active Responder

Answer(s): A

Explanation:

Real Time Responder - Administrator (RTR Administrator) - Can do everything RTR Active Responder can do, plus create custom scripts, upload files to hosts using the put command, and directly run executables using the run command.



What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform?

  1. For - While statement(s)
  2. Trigger, condition(s) and action(s)
  3. Event trigger(s)
  4. Predefined workflow template(s)

Answer(s): B

Explanation:

The model that is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform is trigger, condition(s) and action(s). This model allows you to specify what event will trigger the workflow, what condition(s) must be met for the workflow to execute, and what action(s) will be performed by the workflow. The other options are either incorrect or not related to creating workflows.


Reference:

CrowdStrike Falcon User Guide, page 56.
