Free CCFA Exam Braindumps (page: 9)


Why is it critical to have separate sensor update policies for Windows/Mac/*nix?

  1. There may be special considerations for each OS
  2. To assist with testing and tracking sensor rollouts
  3. The network protocols are different for each host OS
  4. It is an auditing requirement

Answer(s): D



How do you assign a policy to a specific group of hosts?

  1. Create a group containing the desired hosts using "Static Assignment." Go to the Assigned Host Groups tab of the desired policy and click "Add groups to policy." Select the desired Group(s).
  2. Assign a tag to the desired hosts in Host Management. Create a group with an assignment rule based on that tag. Go to the Assignment tab of the desired policy and click "Add Groups to Policy." Select the desired Group(s).
  3. Create a group containing the desired hosts using "Dynamic Assignment." Go to the Assigned Host Groups tab of the desired policy and select criteria such as OU, OS, Hostname pattern, etc.
  4. On the Assignment tab of the desired policy, select "Static" assignment. From the next window, select the desired hosts (using filters if needed) and click Add.

Answer(s): C



You want to create a detection-only policy. How do you set this up in your policy's settings?

  1. Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender.
  2. Select the "Detect-Only" template. Disable hash blocking and exclusions.
  3. You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect.
  4. Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.

Answer(s): D



Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

  1. .*badguydomain.com.*
  2. \Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill
  3. badguydomain\.com.*
  4. Custom IOA rules cannot be created for domains

Answer(s): B





