Free CCFA-200 Exam Braindumps (page: 18)


You need to export a list of all deletions for a specific Host Name in the last 24 hours.
What is the best way to do this?

  A. Go to Host Management in the Host page. Select the host and use the Export Detections button
  B. Utilize the Detection Resolution Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detection Resolution History" section
  C. In the Investigate module, access the Detection Activity page. Use the filters to focus on the appropriate hostname and time, then export the results
  D. Utilize the Detection Activity Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detections by Host" section

Answer(s): C

Explanation:

The best way to export a list of all deletions for a specific Host Name in the last 24 hours is to go to the Investigate module, access the Detection Activity page, use the filters to focus on the appropriate hostname and time, then export the results. This will allow you to download a CSV file that contains information about all the detections that were deleted for that host in that time period. The other options are either incorrect or not related to exporting deletions.


Reference:

CrowdStrike Falcon User Guide, page 49.



Which role will allow someone to manage quarantine files?

  A. Falcon Security Lead
  B. Detections Exceptions Manager
  C. Falcon Analyst - Read Only
  D. Endpoint Manager

Answer(s): A

Explanation:

The role that will allow someone to manage quarantine files is Falcon Security Lead. This role allows users to view and manage quarantined files, as well as release them from quarantine or download them for further analysis. The other roles do not have this capability.


Reference:

CrowdStrike Falcon User Guide, page 19.



What is the maximum number of patterns that can be added when creating a new exclusion?

  A. 10
  B. 0
  C. 1
  D. 5

Answer(s): C

Explanation:

The maximum number of patterns that can be added when creating a new exclusion is one. Each exclusion can only have one pattern, which can be a file path, a hash, a command line or a user name. The other options are either incorrect or not related to creating exclusions.


Reference:

CrowdStrike Falcon User Guide, page 37.



You are evaluating the most appropriate Prevention Policy Machine Learning slider settings for your environment. In your testing phase, you configure the Detection slider as Aggressive. After running the sensor with this configuration for 1 week of testing, which Audit report should you review to determine the best Machine Learning slider settings for your organization?

  A. Prevention Policy Audit Trail
  B. Prevention Policy Debug
  C. Prevention Hashes Ignored
  D. Machine-Learning Prevention Monitoring

Answer(s): D

Explanation:

Audit logs > Machine-learning prevention monitoring: this report shows the count of ML expected detections at each detection level for a defined time period, and the list of files that would be detected at each detection level.
