Free CCFA-200 Exam Braindumps (page: 8)

Page 7 of 39

Which role allows a user to connect to hosts using Real-Time Response?

  1. Endpoint Manager
  2. Falcon Administrator
  3. Real Time Responder ­ Active Responder
  4. Prevention Hashes Manager

Answer(s): C

Explanation:

The role that allows a user to connect to hosts using Real-Time Response is Real Time Responder ­ Active Responder. This role allows users to use the "Connect to Host" feature to gather additional information from the host, as well as execute commands and scripts on the host. The other roles do not have this capability.


Reference:

[CrowdStrike Falcon User Guide], page 18.



You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes.
Which of the following parameters can be used to override the 20- minute default provisioning window?

  1. ExtendedWindow=1
  2. Timeout=0
  3. ProvNoWait=1
  4. Timeout=30

Answer(s): C

Explanation:

"ProvNoWait=1
The sensor does not abort installation if it can't connect to the CrowdStrike cloud within 20 minutes (10 minutes, in Falcon sensor version 6.21 and earlier). (By default, if the host can't contact our cloud, it will retry the connection for 20 minutes. After that, the host will automatically uninstall its sensor.)"

"ProvWaitTime=3600000
The sensor waits for 1 hour to connect to the CrowdStrike cloud when installing (the default is 20 minutes)."



How can you find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days?

  1. Under Dashboards and reports, choose the Sensor Report. Set the "Last Seen" dropdown to 30 days and reference the Inactive Sensors widget
  2. Under Host setup and management, choose the Host Management page. Set the group filter to "Inactive Sensors"
  3. Under Host setup and management > Managed endpoints > Inactive Sensors. Change the time range to 30 days
  4. Under Host setup and management, choose the Disabled Sensors Report. Change the time range to 30 days

Answer(s): C

Explanation:

The administrator can find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days by going to Host setup and management > Managed endpoints > Inactive Sensors. Then, change the time range to 30 days. This will show the host name, last seen date, sensor version and group name for each inactive host. The other options are either incorrect or not available.


Reference:

[CrowdStrike Falcon User Guide], page 31.



In order to quarantine files on the host, what prevention policy settings must be enabled?

  1. Malware Protection and Custom Execution Blocking must be enabled
  2. Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled
  3. Malware Protection and Windows Anti-Malware Execution Blocking must be enabled
  4. Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled

Answer(s): B

Explanation:

In order to quarantine files on the host, the administrator must enable the Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" in the prevention policy settings. This will allow Falcon to quarantine malicious files and register them with Windows Security Center. The other options are either incorrect or not sufficient to enable quarantine.


Reference:

[CrowdStrike Falcon User Guide], page 36.






Post your Comments and Discuss CrowdStrike CCFA-200 exam with other Community members:

CCFA-200 Discussions & Posts