Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. CrowdStrike
  5. CCFA-200

CrowdStrike CCFA-200 Exam Questions
CrowdStrike Certified Falcon Administrator (Page 4 )

Updated On: 16-Feb-2026
Page 4 of 32
PDF with 153 Questions

How do you disable all detections for a host?

  1. Create an exclusion rule and apply it to the machine or group of machines
  2. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)
  3. You cannot disable all detections on individual hosts as it would put them at risk
  4. In Host Management, select the host and then choose the option to Disable Detections

Answer(s): D

Explanation:

The administrator can disable all detections for a host by selecting the host and then choosing the option to Disable Detections in the Host Management page. This will prevent the host from sending any detection events to the Falcon Cloud. The other options are either incorrect or not available.


Reference:

[CrowdStrike Falcon User Guide], page 32.



To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?

  1. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead
  2. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only
  3. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block
  4. Using IOC management, import the list of hashes and IP addresses and set the action to No Action

Answer(s): A

Explanation:

IOC management only allows "Detect only" and "No Action" among the possible actions. Therefore, it cannot be used to block based on IPs or domains. Custom IOA Rule groups allow to create rule types based on Network Connection (configuring a remote IP address) and domains, and gives the options to "Monitor", "Detect" and "Kill Process", being the late one the closest to "block".



Which role is required to manage groups and policies in Falcon?

  1. Falcon Host Analyst
  2. Falcon Host Administrator
  3. Prevention Hashes Manager
  4. Falcon Host Security Lead

Answer(s): B

Explanation:

The Falcon Host Administrator role is required to manage groups and policies in Falcon. This role allows users to create, edit and delete groups and policies, as well as assign them to hosts. The other roles do not have this capability.


Reference:

[CrowdStrike Falcon User Guide], page 17.



Which of the following can a Falcon Administrator edit in an existing user's profile?

  1. First or Last name
  2. Phone number
  3. Email address
  4. Working groups

Answer(s): A

Explanation:

Roles are never called 'working groups' in the documentation. The only other option that can be edited on a existing user is first and last name.



You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded. In the Sensor Update policy, which is the best Sensor version option to achieve these requirements?

  1. Specific sensor version number
  2. Auto - TEST-QA
  3. Sensor version updates off
  4. Auto - N-1

Answer(s): A

Explanation:

The administrator can choose a specific sensor version number in the Sensor Update policy to manually control when the sensor version is upgraded or downgraded. This will allow the Falcon Cloud to push out sensor version changes, but only when the administrator changes the version number in the policy. The other options will either automate the sensor version updates or turn them off completely.


Reference:

[CrowdStrike Falcon User Guide], page 38.






Post your Comments and Discuss CrowdStrike CCFA-200 exam dumps with other Community members:

Join the CCFA-200 Discussion