You have a Windows host on your network in Reduced Functionality Mode (RFM). While the system is in RFM, which of the following is TRUE?
The option that is true when a Windows host is in Reduced Functionality Mode (RFM) is that some detection patterns and preventions will not be triggered. RFM is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure. When a Windows sensor is in RFM, it will only provide basic prevention capabilities, such as blocking known malware hashes and preventing script execution from the %TEMP% directory. The sensor will not send any telemetry or detection events to the Falcon platform, and will not receive any policy or update changes from the Falcon cloud. This means that some detection patterns and preventions that rely on telemetry, machine learning, or cloud analysis will not be triggered.
You need to have the ability to monitor suspicious VBA macros. Which Sensor Visibility setting should be turned on within the Prevention policy settings?
Turn on the Script-Based Execution Monitoring prevention policy setting to enable the Falcon sensor 'to monitor the contents of scripts and shells that are popular mechanisms for executing malicious code on hosts. This setting does not kill or block scripts.'
Scripting languages:
Excel 4.0 macros
JScript
VBA Macros
VBScript
The Sensor Visibility setting that should be turned on within the Prevention policy settings to monitor suspicious VBA macros is Script-based Execution Monitoring. Script-based Execution Monitoring is a feature that enables the Falcon sensor to monitor and prevent malicious script execution on Windows systems. The feature uses machine learning and behavioral analysis to detect suspicious scripts or commands executed by various script interpreters, such as PowerShell, WScript, CScript, or Bash. VBA (Visual Basic for Applications) is a scripting language that can be embedded in Microsoft Office documents, such as Word or Excel. VBA macros can be used to automate tasks or perform actions within the documents, but they can also be abused by attackers to deliver malware or execute malicious code. Script-based Execution Monitoring can help detect and prevent such attacks by monitoring the contents of VBA macros for execution of malicious content.