Free CCFA-200 Exam Braindumps (page: 15)


How do you assign a Prevention policy to one or more hosts?

  A. Create a new policy and assign it directly to those hosts on the Host Management page
  B. Modify the users' roles on the User Management page
  C. Ensure the hosts are in a group and assign that group to a custom Prevention policy
  D. Create a new policy and assign it directly to those hosts on the Prevention policy page

Answer(s): C

Explanation:

The administrator can assign a Prevention policy to one or more hosts by ensuring the hosts are in a group and assigning that group to a custom Prevention policy. This allows users to apply different prevention settings and options to different groups of hosts based on their needs and preferences. The other options are either incorrect or not applicable to assigning a Prevention policy.


Reference:

CrowdStrike Falcon User Guide, page 34.



You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they are not allowed to run in your environment. You have chosen to use Falcon to do this.
Which is the best way to accomplish this?

  A. Using the Support Portal, create a support ticket and include the list of binary hashes, asking support to create an "Execution Prevention" rule to prevent these processes from running
  B. Using Custom Alerts in the Investigate App, create a new alert using the template "Process Execution" and within that rule, select the option to "Block Execution"
  C. Using IOC Management, gather the list of SHA256 or MD5 hashes for each binary and then upload them. Set all hashes to "Block" and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking.
  D. Using the API, gather the list of SHA256 or MD5 hashes for each binary and then upload them, setting them all to "Never Allow"

Answer(s): C

Explanation:

The best way to ensure that a list of 100 hashes that are not malicious, but that your company has deemed inappropriate for work computers, are not allowed to run in your environment is to use IOC Management: gather the SHA256 or MD5 hash of each binary and upload them, set all hashes to "Block", and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking. Falcon will then block execution of these hashes on the hosts using that policy. The other options are either incorrect or not efficient ways to achieve this goal.


Reference:

CrowdStrike Falcon User Guide, page 44.



Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?

  A. \Program Files\My Program\My Files\*
  B. \Program Files\My Program\*
  C. *\*
  D. *\Program Files\My Program\*\

Answer(s): A

Explanation:

The exclusion pattern that will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe is \Program Files\My Program\My Files\*. This pattern matches any file under the My Files folder, including program.exe, and excludes them from detections. The other patterns are either incorrect or too broad to prevent detections on this specific file.


Reference:

CrowdStrike Falcon User Guide, page 37.



When a host is placed in Network Containment, which of the following is TRUE?

  A. The host machine is unable to send or receive network traffic outside of the local network
  B. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and traffic allowed in the Firewall Policy
  C. The host machine is unable to send or receive any network traffic
  D. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and any resources allowlisted in the Containment Policy

Answer(s): D

Explanation:

When a host is placed in Network Containment, the host machine is unable to send or receive network traffic except to/from the Falcon Cloud and any resources allowlisted in the Containment Policy. This lets users isolate a host from the network while it continues to communicate with the Falcon Cloud and other essential services. The other options are either incorrect or not true of Network Containment.


Reference:

CrowdStrike Falcon User Guide, page 40.
