Free CCFA-200 Exam Braindumps (page: 20)


Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?

  A. Sensor Report
  B. Machine Learning Prevention Monitoring
  C. Falcon UI Audit Trail
  D. Machine Learning Debug

Answer(s): B

Explanation:

The Machine Learning Prevention Monitoring report in the Prevention Policy Management option allows you to monitor the impact of machine learning (ML) prevention settings on your environment. You can view the number of ML detections and preventions by severity, policy, and host group. You can also drill down into specific events and hosts to see more details. This report can help you determine the appropriate ML levels to set in a prevention policy based on your risk tolerance and security posture.


Reference:

Falcon Administrator Learning Path | Infographic | CrowdStrike



Why is the ability to disable detections helpful?

  A. It gives users the ability to set up hosts to test detections and later remove them from the console
  B. It gives users the ability to uninstall the sensor from a host
  C. It gives users the ability to allowlist a false positive detection
  D. It gives users the ability to remove all data from hosts that have been uninstalled

Answer(s): A

Explanation:

"Disable Detections. This is helpful for users who want to set up hosts to test detections in the Falcon console and who later want to remove those old test detections from the"



The Logon Activities Report includes all of the following information for a particular user EXCEPT __________.

  A. the account type for the user (e.g. Domain Administrator, Local User)
  B. all hosts the user logged into
  C. the logon type (e.g. interactive, service)
  D. the last time the user's password was set

Answer(s): B

Explanation:

Checked in the console: it returns only the last machine where the user logged on, so it will not return all the machines that the user logged on to in the desired search.



An analyst has reported they have not been receiving workflow-triggered notifications in the past few days. Where should you first check for potential failures?

  A. Custom Alert History
  B. Workflow Execution log
  C. Workflow Audit log
  D. Falcon UI Audit Trail

Answer(s): B

Explanation:

The Workflow Execution log in the Workflow Management option allows you to view the status and results of workflow executions triggered by detection events. You can filter the log by workflow name, status, start and end time, and detection ID. You can also view the details of each execution, including the actions performed, the output received, and any errors encountered. This log can help you troubleshoot potential failures or issues with your workflows.


Reference:

Falcon Administrator Learning Path | Infographic | CrowdStrike





