Free CCFA-200 Exam Braindumps (page: 19)


In order to exercise manual control over the sensor upgrade process, as well as to prevent unauthorized users from uninstalling or upgrading the sensor, which settings in the Sensor Update Policy would meet these criteria?

  A. Sensor version set to N-1 and Bulk maintenance mode is turned on
  B. Sensor version fixed and Uninstall and maintenance protection turned on
  C. Sensor version updates off and Uninstall and maintenance protection turned off
  D. Sensor version set to N-2 and Bulk maintenance mode is turned on

Answer(s): B

Explanation:

In order to exercise manual control over the sensor upgrade process, as well as to prevent unauthorized users from uninstalling or upgrading the sensor, the administrator should set the Sensor version to fixed and turn on the Uninstall and maintenance protection setting in the Sensor Update Policy. This allows the administrator to specify which sensor version the hosts using this policy will run, and also requires a maintenance token to uninstall or upgrade the sensor. The other options are either incorrect or not sufficient to meet these criteria.


Reference:

CrowdStrike Falcon User Guide, page 38.



Once an exclusion is saved, what can be edited in the future?

  A. All parts of the exclusion can be changed
  B. Only the selected groups and hosts to which the exclusion is applied can be changed
  C. Only the options to "Detect/Block" and/or "File Extraction" can be changed
  D. The exclusion pattern cannot be changed

Answer(s): A

Explanation:

Once an exclusion is saved, all parts of the exclusion can be changed in the future. The administrator can edit an existing exclusion by selecting it from the Exclusions page and modifying any of its fields, such as pattern, type, option, group or host. The other options are either incorrect or not true of editing exclusions.


Reference:

CrowdStrike Falcon User Guide, page 37.



Which of the following options is a feature found ONLY with the Sensor-based Machine Learning (ML)?

  A. Next-Gen Antivirus (NGAV) protection
  B. Adware and Potentially Unwanted Program detection and prevention
  C. Real-time offline protection
  D. Identification and analysis of unknown executables

Answer(s): D

Explanation:

According to documentation (documentation/detections/technique/sensor-based-ml-cst0007):
CrowdStrike sensor-based machine learning (ML) identifies and analyzes unknown executables as they run on hosts. This technique is triggered by files and file attributes associated with known malware. This is similar to the [Cloud-based ML](/support/documentation/detections/technique/cloud-based-ml) technique. Cloud-based ML is informed by global analysis of executables that classifies and identifies malware. The key difference is that Cloud-based ML doesn't run on hosts when they're offline, whereas sensor-based ML does.



How do you find a list of inactive sensors?

  A. The Falcon platform does not provide reporting for inactive sensors
  B. A sensor is always considered active until removed by an Administrator
  C. Run the Inactive Sensor Report in the Host setup and management option
  D. Run the Sensor Aging Report within the Investigate option

Answer(s): C

Explanation:

The Inactive Sensor Report in the Host setup and management option allows you to view a list of hosts that have not communicated with the Falcon platform for a specified period of time. You can filter the report by sensor version, OS, and last seen date. This report can help you identify hosts that may have connectivity issues or need sensor updates.


Reference:

Falcon Administrator Learning Path | Infographic | CrowdStrike





