Curious about Actual CrowdStrike CCFA (CCFA-200) Exam Questions?

Here are sample CrowdStrike Certified Falcon Administrator (CCFA-200) Exam questions from the real exam. You can get more CrowdStrike CCFA (CCFA-200) Exam premium practice questions at TestInsights.

Total 153 questions
Question 1

When editing an existing IOA exclusion, what can NOT be edited?


Correct : A

When editing an existing IOA exclusion, the IOA name cannot be edited. An IOA (indicator of attack) exclusion allows you to define custom rules for excluding suspicious behavior from detection or prevention based on process execution, file write, network connection, or registry events. The IOA name is a predefined name that identifies the type of IOA behavior that you want to exclude, such as "Suspicious Process Execution - Script Interpreter Executing File". The IOA name cannot be changed when editing an existing IOA exclusion, as it is linked to a specific IOA rule in the Falcon platform. However, you can edit other parts of the IOA exclusion, such as the exclusion name, the host groups, and the filter criteria [2].


Question 2

Which of the following is NOT an available action for an API Client?


Correct : C

The option that is not an available action for an API Client is Retrieve an API Client Secret. An API Client is an entity that represents a user or application that can access the Falcon platform programmatically via the Falcon APIs. An API Client has an API Client ID and an API Client Secret, which are used for authenticating and authorizing API requests. You can create and manage API Clients in the API Clients and Keys page in the Falcon console. The available actions for an API Client are Edit an API Client, Reset an API Client Secret, and Delete an API Client. You cannot retrieve an API Client Secret after it has been created, as it is only displayed once during creation for security reasons [2].


Question 3

How can an API client secret be viewed after it has been created?


Correct : B

An API client secret cannot be viewed after it has been created; the secret must be reset or a new client created. As explained in question 137, an API client secret is only displayed once during creation for security reasons. If you lose or forget your API client secret, you cannot view it again in the Falcon console. You have two options to resolve this issue: either reset your API client secret or create a new API client. Resetting your API client secret will generate a new secret for your existing API client, which will invalidate any previous secret. Creating a new API client will generate a new API client ID and secret, which will require you to update any applications or scripts that use the Falcon APIs [2].


Question 4

What will happen to a host if it is not assigned a Sensor Update policy?


Correct : D

A host that is not assigned a Sensor Update policy will use the Default Sensor Update policy. A Sensor Update policy is a policy that controls how and when the Falcon sensor is updated on a host. You can create and assign custom Sensor Update policies to different hosts or groups in your environment. However, if a host is not assigned to a specific Sensor Update policy, it will inherit the settings from the Default Sensor Update policy. The Default Sensor Update policy is a "catch-all" policy that is enabled by default and has the "Uninstall and Maintenance Protection" feature turned on. You can modify the settings of the Default Sensor Update policy, but you cannot delete or disable it [1].


Question 5

A sensor that has not contacted the Falcon cloud will be automatically deleted from the hosts list after how many days?


Correct : D

A sensor that has not contacted the Falcon cloud will be automatically deleted from the hosts list after 90 days. A sensor that has not contacted the Falcon cloud for more than seven days is considered inactive and will be moved from the Host Management page to the Trash page. An inactive sensor will remain in the Trash page for 90 days before being permanently deleted from the Falcon platform. You can restore an inactive sensor from the Trash page if it contacts the Falcon cloud again within 90 days.

