Free CCFA-200 Exam Braindumps (page: 9)


Why is it critical to have separate sensor update policies for Windows/Mac/*nix?

  A. There may be special considerations for each OS
  B. To assist with testing and tracking sensor rollouts
  C. The network protocols are different for each host OS
  D. It is an auditing requirement

Answer(s): A

Explanation:

https://www.crowdstrike.com/blog/tech-center/how-to-manage-policies-in-falcon/



How do you assign a policy to a specific group of hosts?

  A. Create a group containing the desired hosts using "Static Assignment." Go to the Assigned Host Groups tab of the desired policy and click "Add groups to policy." Select the desired Group(s).
  B. Assign a tag to the desired hosts in Host Management. Create a group with an assignment rule based on that tag. Go to the Assignment tab of the desired policy and click "Add Groups to Policy." Select the desired Group(s).
  C. Create a group containing the desired hosts using "Dynamic Assignment." Go to the Assigned Host Groups tab of the desired policy and select criteria such as OU, OS, Hostname pattern, etc.
  D. On the Assignment tab of the desired policy, select "Static" assignment. From the next window, select the desired hosts (using filters if needed) and click Add.

Answer(s): A

Explanation:

The administrator can assign a policy to a specific group of hosts by creating a group containing the desired hosts using "Static Assignment." Then, go to the Assigned Host Groups tab of the desired policy and click "Add groups to policy." Select the desired Group(s). This will apply the policy to the selected group(s) of hosts. The other options are either incorrect or not applicable to static assignment.


Reference:

[CrowdStrike Falcon User Guide], page 33.



You want to create a detection-only policy. How do you set this up in your policy's settings?

  A. Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender.
  B. Select the "Detect-Only" template. Disable hash blocking and exclusions.
  C. You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect.
  D. Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.

Answer(s): D

Explanation:

The administrator can create a detection-only policy by setting the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled in the policy's settings. This will allow Falcon to detect but not prevent threats on the hosts using this policy. Do not activate any of the other blocking or malware prevention options, as they will enable prevention actions. The other options are either incorrect or not related to creating a detection-only policy.


Reference:

[CrowdStrike Falcon User Guide], page 35.



Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

  A. .*badguydomain.com.*
  B. \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill
  C. badguydomain\.com.*
  D. Custom IOA rules cannot be created for domains

Answer(s): A

Explanation:

You are using RegEx here: the leading ".*" is needed to capture the "www" prefix, and the trailing ".*" is needed to match any sites falling under badguydomain.com.


