Pass CrowdStrike CCFA-200 PDF Dumps Recently Updated 152 Questions [Q19-Q36] : Latest Exam Prep : http://certify.vceprep.com

QUESTION 19
When the Notify End Users policy setting is turned on, which of the following is TRUE?

End users will not be notified as we would not want to notify a malicious actor of a detection. This setting does not exist

End users will be immediately notified via a pop-up that their machine is in-network isolation

End-users receive a pop-up notification when a prevention action occurs

End users will receive a pop-up allowing them to confirm or refuse a pending quarantine

QUESTION 20
The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?

SSL inspection should be configured to occur on all Falcon traffic

Some network configurations, such as deep packet inspection, interfere with certificate validation

HTTPS interception should be enabled to proceed with certificate validation

Common sources of interference with certificate pinning include protocol race conditions and resource contention

QUESTION 21
What should be disabled on firewalls so that the sensor’s man-in-the-middle attack protection works properly?

Deep packet inspection

Linux Sub-System

PowerShell

Windows Proxy

QUESTION 22
An analyst has reported they are not receiving workflow triggered notifications in the past few days. Where should you first check for potential failures?

Custom Alert History

Workflow Execution log

Workflow Audit log

Falcon UI Audit Trail

QUESTION 23
Which of the following applies to Custom Blocking Prevention Policy settings?

Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy

Blocklisting applies to hashes, IP addresses, and domains

Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary

You can only blocklist hashes via the API

QUESTION 24
Which port and protocol does the sensor use to communicate with the CrowdStrike Cloud?

TCP port 22 (SSH)

TCP port 443 (HTTPS)

TCP port 80 (HTTP)

TCP UDP port 53 (DNS)

QUESTION 25
Under which scenario can Sensor Tags be assigned?

While triaging a detection

While managing hosts in the Falcon console

While updating a sensor in the Falcon console

While installing a sensor

QUESTION 26
What will happen to a host if it is not assigned a Sensor Update policy?

The host will uninstall the Sensor and provide an alert to the installation team

The host will automatically update to the newest sensor version and auto-update to future release

The host will automatically create a custom Sensor Update policy

The host will use the Default Sensor Update policy

QUESTION 27
How can you find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days?

Under Dashboards and reports, choose the Sensor Report. Set the “Last Seen” dropdown to 30 days and reference the Inactive Sensors widget

Under Host setup and management, choose the Host Management page. Set the group filter to “Inactive Sensors”

Under Host setup and management > Managed endpoints > Inactive Sensors. Change the time range to 30 days

Under Host setup and management, choose the Disabled Sensors Report. Change the time range to 30 days

QUESTION 28
Which role will allow someone to manage quarantine files?

Falcon Security Lead

Detections Exceptions Manager

Falcon Analyst – Read Only

Endpoint Manager

QUESTION 29
Why do Sensor Update policies need to be configured for each OS (Windows, Mac, Linux)?

To bundle the Sensor and Prevention policies together into a deployment package

Sensor Update policies are OS dependent

To assist with auditing and change management

This is false. One policy can be applied to all Operating Systems

QUESTION 30
Where can you modify settings to permit certain traffic during a containment period?

Prevention Policy

Host Settings

Containment Policy

Firewall Settings

QUESTION 31
Why is it critical to have separate sensor update policies for Windows/Mac/*nix?

There may be special considerations for each OS

To assist with testing and tracking sensor rollouts

The network protocols are different for each host OS

It is an auditing requirement

QUESTION 32
The Logon Activities Report includes all of the following information for a particular user EXCEPT __________.

the account type for the user (e.g. Domain Administrator, Local User)

all hosts the user logged into

the logon type (e.g. interactive, service)

the last time the user’s password was set

QUESTION 33
You have created a Sensor Update Policy for the Mac platform. Which other operating system(s) will this policy manage?

*nix

Windows

Both Windows and *nix

Only Mac

QUESTION 34
What best describes what happens to detections in the console after clicking “Enable Detections” for a host which previously had its detections disabled?

Enables custom detections for the host

New detections will start appearing in the console, and all retroactive stored detections will be restored to the console for that host

New detections will start appearing in the console immediately. Previous detections will not be restored to the console for that host

Preventions will be enabled for the host

QUESTION 35
When creating new IOCs in IOC management, which of the following fields must be configured?

Hash, Description, Filename

Hash, Action and Expiry Date

Filename, Severity and Expiry Date

Hash, Platform and Action

QUESTION 36
With Custom Alerts, it is possible to __________.

schedule the alert to run at any interval

receive an alert in an email

configure prevention actions for alerting

be alerted to activity in real-time