Free CCFA-200 Exam Braindumps (page: 7)


What information is provided in Logon Activities under Visibility Reports?

  A. A list of all logons for all users
  B. A list of last endpoints that a user logged in to
  C. A list of users who are remotely logged on to devices based on local IP and local port
  D. A list of unique users who are remotely logged on to devices based on the country

Answer(s): B

Explanation:

The Logon Activities report under Visibility Reports provides a list of last endpoints that a user logged in to. This report shows the user name, domain name, logon type, logon time and endpoint name for each logon event. The other options are either incorrect or not related to the report.


Reference:

[CrowdStrike Falcon User Guide], page 50.



What can the Quarantine Manager role do?

  A. Manage and change prevention settings
  B. Manage quarantined files to release and download
  C. Manage detection settings
  D. Manage roles and users

Answer(s): B

Explanation:

The Quarantine Manager role can manage quarantined files to release and download. This role allows users to view and search quarantined files, as well as release them from quarantine or download them for further analysis. The other roles do not have this capability.


Reference:

[CrowdStrike Falcon User Guide], page 19.



What command should be run to verify if a Windows sensor is running?

  A. regedit myfile.reg
  B. sc query csagent
  C. netstat -f
  D. ps -ef | grep falcon

Answer(s): B

Explanation:

The command that should be run to verify if a Windows sensor is running is sc query csagent. This command will display the status and information of the csagent service, which is the Falcon sensor service. The other commands are either incorrect or not applicable to Windows sensors.


Reference:

[CrowdStrike Falcon User Guide], page 29.



When configuring a specific prevention policy, the admin can align the policy to two different types of groups, Host Groups and which other?

  A. Custom IOA Rule Groups
  B. Custom IOC Groups
  C. Enterprise Groups
  D. Operating System Groups

Answer(s): A

Explanation:

Prevention Policies are created based on the OS (Windows, Mac and Linux policies). Once a prevention policy is created, three options appear at the top: Settings, Assigned Host Groups and Assigned Custom IOAs (tested on CrowdStrike). Therefore, Host Groups and Custom IOAs are the two different types of groups a prevention policy can be aligned to.





