CCFA-200 Online Practice Questions and Answers

Questions 4

Which of the following is NOT an available filter on the Hosts Management page?

A. Hostname

B. Username

C. Group

D. OS Version

Questions 5

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

A. Contact support and request that they modify the Machine Learning settings to no longer include this detection

B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"

C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"

D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"

Questions 6

What command should be run to verify if a Windows sensor is running?

A. regedit myfile.reg

B. sc query csagent

C. netstat -f

D. ps -ef | grep falcon

Questions 7

What best describes the relationship between Sensor Update policies and Operating Systems?

A. Windows and Mac share Sensor Update policies. Linux requires its own set of policies based on the different kernel versions

B. Sensor Update policies are not Operating System specific. One policy can be applied to all Operating Systems

C. Windows has its own Sensor Update policies. But Mac and Linux share Sensor Update policies

D. A Sensor Update policy must be configured for each Operating System (Windows, Mac, Linux)

Questions 8

On the Host Management page, which filter could be used to quickly identify all devices categorized as a "Workstation" by the Falcon Platform?

A. Status

B. Platform

C. Hostname

D. Type

Questions 9

Which of the following uses Regex to create a detection or take a preventative action?

A. Custom IOC

B. Machine Learning Exclusion

C. Custom IOA

D. Sensor Visibility Exclusion

Questions 10

You have a Windows host on your network in Reduced Functionality Mode (RFM). While the system is in RFM, which of the following is TRUE?

A. System monitoring will be unavailable

B. Event reporting will be unavailable

C. Prevention patterns will not be triggered

D. Some detection patterns and preventions will not be triggered

Questions 11

On a Windows host, what is the best command to determine if the sensor is currently running?

A. sc query csagent

B. netstat -a

C. This cannot be accomplished with a command

D. ping falcon.crowdstrike.com

Exam Code: CCFA-200
Exam Name: CrowdStrike Certified Falcon Administrator
Last Update: Mar 14, 2025
Questions: 186 Q&As