Free Preparation Discussions
MENU
CrowdStrike CCFA-200 Exam Questions
- Topic 1: User Management: This section of the exam covers how to identify roles required for access to features and functionality in the Falcon console and how to create roles and delegate them to users based on desired permissions.
- Topic 2: Sensor Deployment: This section covers topics such as how to determine the prerequisites to successfully install a Falcon sensor on operating systems. It also includes examining default policies and how to apply the best practices to prepare workloads for Falcon Sensor. Finally, it covers how to uninstall a Falcon Sensor.
- Topic 3: Host Management & Setup: In this section of the exam, the topics covered include the understanding of the filtering process in the Host Management page and how to disable detection for a host. Moreover, it covers how to explain the impact of disabling detections on a host and what is the effect of Reduced Functionality Mode (RFM). Finally, it covers how to identify hosts in RFM.
- Topic 4: Group Creation: In this section of the exam, topics covered include how to determine the appropriate group assignment for endpoints and understand how it can affect the implementation of policies.
- Topic 5: Policy Application: In this section of the exam, it is identified how to utilize the appropriate prevention policy settings for endpoints. It covers how to determine the appropriate sensor update policy settings for controlling the procedure of update. It also covers how to apply roles and policy settings and monitor RTR audit logs.
- Topic 6: Rule Configuration: In this section of the exam, the focus is on creating custom IOA rules to monitor for behavior that is not malicious. It also covers how to interpret business needs to ensure trusted activity and address false positives in addition to fixing performances. Finally, the section covers how to assess the IOC settings required for customized security posturing and to oversee false positives.
- Topic 7: Dashboards and Reports: In this section of the exam, the focus is given to understanding the different types of sensor reports and their use cases. It also covers how to comprehend various audit logs and their use cases. Workflows: It involves the understanding of setting up workflows to respond to defined triggers.
Free CrowdStrike CCFA-200 Exam Actual Questions
Note: Premium Questions for CCFA-200 were last updated On Nov. 15, 2024 (see below)
You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?
Turn on the Script-Based Execution Monitoring prevention policy setting to enable the 'Falcon sensor to monitor the contents of scripts and shells that are popular mechanisms for executing malicious code on hosts. This setting does not kill or block scripts.'
Scripting languages:
Excel 4.0 macros
JScript
VBA Macros
VBScript
The Sensor Visibility setting that should be turned on within the Prevention policy settings to monitor suspicious VBA macros is Script-based Execution Monitoring. Script-based Execution Monitoring is a feature that enables the Falcon sensor to monitor and prevent malicious script execution on Windows systems. The feature uses machine learning and behavioral analysis to detect suspicious scripts or commands executed by various script interpreters, such as PowerShell, WScript, CScript, or Bash. VBA (Visual Basic for Applications) is a scripting language that can be embedded in Microsoft Office documents, such as Word or Excel. VBA macros can be used to automate tasks or perform actions within the documents, but they can also be abused by attackers to deliver malware or execute malicious code. Script-based Execution Monitoring can help detect and prevent such attacks by monitoring the contents of VBA macros for execution of malicious content.
When performing targeted filtering for a host on the Host Management Page, which filter bar attribute is NOT case-sensitive?
Which of the follow should be used with extreme caution because it may introduce additional security risks such as malware or other attacks which would not be recorded, detected, or prevented based on the exclusion syntax?
The Customer ID (CID) is important in which of the following scenarios?
The Customer ID (CID) is important in which of the following scenarios: when performing the sensor installation process and when setting up API keys. The CID is a unique identifier for your organization that is required for authenticating your sensor installation and communication with the Falcon cloud. You need to provide your CID when installing the Falcon sensor on a host, either by using a command-line parameter or by using the falconctl tool. The CID is also required for setting up API keys, which are used for accessing the Falcon platform programmatically via the Falcon APIs. You need to provide your CID when creating an API client and key in the API Clients and Keys page in the Falcon console.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Ming
2 hours agoVernell
6 days agoChantell
7 days agoWynell
19 days agoMirta
21 days agoCecilia
1 months agoHelene
1 months agoWilliam
1 months agoCasie
2 months agoSabra
2 months agoChantell
2 months agoGertude
2 months agoWilson
2 months agoTommy
3 months agoJulieta
4 months agoAnnamae
4 months agoViola
4 months agoMozell
5 months agoLeontine
5 months agoErick
5 months agoMike
5 months agoMerissa
6 months ago