
Free Practice Questions for CrowdStrike CCFA-200b Exam

Pass4Future also provides interactive practice exam software for preparing effectively for the CrowdStrike Certified Falcon Administrator (CCFA-200b) Exam. You are welcome to explore the free sample CrowdStrike CCFA-200b Exam questions below and to try the CrowdStrike CCFA-200b Exam practice test software.

Page:    1 / 14   
Total 153 questions

Question 1

When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies?



Answer : A

When uninstalling a sensor, a maintenance token is required if the 'Uninstall and maintenance protection' setting is enabled within the Sensor Update Policies. This setting prevents unauthorized or accidental uninstallation of sensors by requiring a token that can be generated from the Falcon console. The other options are either incorrect or not related to uninstalling a sensor. Reference: CrowdStrike Falcon User Guide, page 29.


Question 2

Which role will allow someone to manage quarantine files?



Answer : A

The role that will allow someone to manage quarantine files is Falcon Security Lead. This role allows users to view and manage quarantined files, as well as release them from quarantine or download them for further analysis. The other roles do not have this capability. Reference: CrowdStrike Falcon User Guide, page 19.


Question 3

What can the Quarantine Manager role do?



Answer : B

The Quarantine Manager role can manage quarantined files, releasing and downloading them. This role allows users to view and search quarantined files, as well as release them from quarantine or download them for further analysis. The other roles do not have this capability. Reference: CrowdStrike Falcon User Guide, page 19.


Question 4

What can exclusions be applied to?



Answer : B

Exclusions can be applied to either all hosts or specified groups. An exclusion is a rule that defines what files, folders, processes, IP addresses, or domains should be excluded from detection or prevention by the Falcon sensor. You can create and manage exclusions on the Exclusions page in the Falcon console. You can apply exclusions to either all hosts in your environment or to specific host groups that you select. You cannot apply exclusions to individual hosts selected by the administrator.


Question 5

After Network Containing a host, your Incident Response team states they are unable to remotely connect to the host. Which of the following would need to be configured to allow remote connections from specified IPs?



Answer : D

To allow remote connections from specified IPs after network containing a host, IP Allowlist Management needs to be configured. IP Allowlist Management allows you to define a list of trusted IP addresses that can communicate with your contained hosts. This way, you can isolate a host from the network while still allowing your incident response team or other authorized parties to remotely connect to the host for investigation or remediation purposes.

