Free CCFA-200 Exam Braindumps (page: 6)


Which of the following applies to Custom Blocking Prevention Policy settings?

  1. Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
  2. Blocklisting applies to hashes, IP addresses, and domains
  3. Executions blocked via hash blocklist may have partially executed prior to hash calculation; process remediation may be necessary
  4. You can only blocklist hashes via the API

Answer(s): A

Explanation:

Falcon allows you to upload hashes from your own black or white lists. To enable this, navigate to the Configuration App, Prevention Hashes window, and click on "Upload Hashes" in the upper right-hand corner. Note that you can also automate the task of importing hashes with the CrowdStrike Falcon® API.
https://www.crowdstrike.com/blog/tech-center/how-to-prevent-malware-with-custom-blacklisting/



How many "Auto" sensor version update options are available for Windows Sensor Update Policies?

  1. 1
  2. 2
  3. 0
  4. 3

Answer(s): D

Explanation:

There are three "Auto" sensor version update options available for Windows Sensor Update Policies: Auto - N-1, Auto - TEST-QA and Auto - Latest. These options allow the administrator to automatically update the sensor version to the previous stable version, the latest test version or the latest stable version, respectively.


Reference:

[CrowdStrike Falcon User Guide], page 38.



The alignment of a particular prevention policy to one or more host groups can be completed in which of the following locations within Falcon?

  1. Policy alignment is configured in the "Host Management" section in the Hosts application
  2. Policy alignment is configured only once during the initial creation of the policy in the "Create New Policy" pop-up window
  3. Policy alignment is configured in the General Settings section under the Configuration menu
  4. Policy alignment is configured in each policy in the "Assigned Host Groups" tab

Answer(s): D

Explanation:

The alignment of a particular prevention policy to one or more host groups can be completed in each policy in the "Assigned Host Groups" tab. This tab allows the administrator to select which host groups will use the policy, as well as view the number of hosts and sensors assigned to each group. The other options are either incorrect or not available.


Reference:

[CrowdStrike Falcon User Guide], page 34.



How long are detection events kept in Falcon?

  1. Detection events are kept for 90 days
  2. Detection events are kept for your subscribed data retention period
  3. Detection events are kept for 7 days
  4. Detection events are kept for 30 days

Answer(s): A

Explanation:

Data is only available in the Falcon UI for investigations, etc. through the company's data retention time frame; detection information is kept for 90 days regardless; UI audits are available for 1 year.





