New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CCFA-200 Exam Dumps - CrowdStrike Falcon Certification Program Questions and Answers

Page: 1 / 11
Questions 4

The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?

Options:

A.

SSL inspection should be configured to occur on all Falcon traffic

B.

Some network configurations, such as deep packet inspection, interfere with certificate validation

C.

HTTPS interception should be enabled to proceed with certificate validation

D.

Common sources of interference with certificate pinning include protocol race conditions and resource contention

Buy Now
Questions 5

What information is provided in Logan Activities under Visibility Reports?

Options:

A.

A list of all logons for all users

B.

A list of last endpoints that a user logged in to

C.

A list of users who are remotely logged on to devices based on local IP and local port

D.

A list of unique users who are remotely logged on to devices based on the country

Buy Now
Questions 6

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

Options:

A.

Contact support and request that they modify the Machine Learning settings to no longer include this detection

B.

Using IOC Management, add the hash of the binary in question and set the action to "Allow"

C.

Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"

D.

Using IOC Management, add the hash of the binary in question and set the action to "No Action"

Buy Now
Questions 7

Which of the following is TRUE regarding disabling detections for a host?

Options:

A.

After disabling detections, the host will operate in Reduced Functionality Mode (RFM) until detections are enabled

B.

After disabling detections, the data for all existing detections prior to disabling detections is removed from the Event Search

C.

The DetectionSummaryEvent continues being sent to the Streaming API for that host

D.

The detections for that host are removed from the console immediately. No new detections will display in the console going forward unless detections are enabled

Buy Now
Page: 1 / 11
Exam Code: CCFA-200
Exam Name: CrowdStrike Certified Falcon Administrator
Last Update: Dec 26, 2024
Questions: 153
CCFA-200 pdf

CCFA-200 PDF

$25.5  $84.99
CCFA-200 Engine

CCFA-200 Testing Engine

$28.5  $94.99
CCFA-200 PDF + Engine

CCFA-200 PDF + Testing Engine

$40.5  $134.99