Free CCFA-200 Exam Braindumps (page: 16)


When would the No Action option be assigned to a hash in IOC Management?

  1. When you want to save the indicator for later action, but do not want to block or allow it at this time
  2. Add the indicator to your allowlist and do not detect it
  3. There is no such option as No Action available in the Falcon console
  4. Add the indicator to your blocklist and show it as a detection

Answer(s): A

Explanation:

The No Action option can be assigned to a hash in IOC Management when you want to save the indicator for later action, but do not want to block or allow it at this time. This option will neither detect nor prevent the execution of the hash, but will keep it in the IOC list for future reference. The other options are either incorrect or not related to the No Action option.


Reference:

CrowdStrike Falcon User Guide, page 44.



Why is it important to know your company's event data retention limits in the Falcon platform?

  1. This is not necessary; you simply select "All Time" in your query to search all data
  2. You will not be able to search event data into the past beyond your retention period
  3. Data such as process records are kept for a shorter time than event data
  4. Your query will require you to specify the data pool associated with the date you wish to search

Answer(s): B

Explanation:

It is important to know your company's event data retention limits in the Falcon platform because you will not be able to search event data into the past beyond your retention period. The retention period is the amount of time that event data is stored in the Falcon Cloud, and it may vary depending on your subscription plan and settings. The other options are either incorrect or not related to knowing your retention limits.


Reference:

CrowdStrike Falcon User Guide, page 48.



What is the purpose of precedence with respect to the Sensor Update policy?

  1. Precedence applies to the Prevention policy and not to the Sensor Update policy
  2. Hosts assigned to multiple policies will assume the highest ranked policy in the list (policy with the lowest number)
  3. Hosts assigned to multiple policies will assume the lowest ranked policy in the list (policy with the highest number)
  4. Precedence ensures that conflicting policy settings are not set in the same policy

Answer(s): B

Explanation:

The purpose of precedence with respect to the Sensor Update policy is that hosts assigned to multiple policies will assume the highest ranked policy in the list (policy with the lowest number). This means that if a host belongs to more than one group that has different Sensor Update policies assigned, it will use the policy that has the highest precedence (lowest number) among them. The other options are either incorrect or not related to precedence.


Reference:

CrowdStrike Falcon User Guide, page 38.



When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?

  1. Maintenance token
  2. Customer ID (CID)
  3. Bulk update key
  4. Agent ID (AID)

Answer(s): A

Explanation:

When uninstalling a sensor, a maintenance token is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies. This setting prevents unauthorized or accidental uninstallation of sensors by requiring a token that can be generated from the Falcon console. The other options are either incorrect or not related to uninstalling a sensor.


Reference:

CrowdStrike Falcon User Guide, page 29.





