CrowdStrike Exam CCFA-200 Topic 2 Question 50 Discussion

Actual exam question for CrowdStrike's CCFA-200 exam

Question #: 50
Topic #: 2

The Falcon Administrator has created a new prevention policy to apply to the "Servers" group; however, when applying the new prevention policy this group is not appearing in the list of available groups. What is the most likely issue?

AThe new prevention policy should be enabled first

BThe 'Servers' group already has a policy applied to it

CThe 'Servers' group must be disabled first

DHost type was not defined correctly within the prevention policy

Show Suggested Answer

Suggested Answer: D

The option that is true when a Windows host is in Reduced Functionality Mode (RFM) is that some detection patterns and preventions will not be triggered. RFM is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure. When a Windows sensor is in RFM, it will only provide basic prevention capabilities, such as blocking known malware hashes and preventing script execution from the %TEMP% directory. The sensor will not send any telemetry or detection events to the Falcon platform, and will not receive any policy or update changes from the Falcon cloud. This means that some detection patterns and preventions that rely on telemetry, machine learning, or cloud analysis will not be triggered.

by Samira at Jan 13, 2025, 09:26 PM

Limited Time Offer

25%

Off

Get Premium CCFA-200 Questions as Interactive Web-Based Practice Test or PDF