CrowdStrike CCFA Exam Practice Questions (P. 2)
Question #6
What must an admin do to reset a user's password?
- A. From User Management, open the account details for the affected user and select "Generate New Password"
- B. From User Management, select "Reset Password" from the three dot menu for the affected user account (Most Voted)
- C. From User Management, select "Update Account" and manually create a new password for the affected user account
- D. From User Management, the administrator must rebuild the account as the certificate for user specific private/public key generation is no longer valid
Correct Answer: B

To reset a user's password as an admin in CrowdStrike, just hit "Reset Password" from the three-dot menu beside their account name under User Management. This is a standard shortcut for immediate action without diving into account details or creating complexities like manual password updates or account rebuilds. Super simple and efficient!
Question #7
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?
- A. Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
- B. Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"
- C. Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group (Most Voted)
- D. Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"
Correct Answer: C

Spot on! When you want to disable Real Time Response (RTR) for a specific group of hosts, the best move is to create a new Response Policy where you toggle off the RTR and then assign this policy directly to the host group. This straightforward method ensures that the particular settings apply only to the intended servers without affecting others. Creating targeted policies like this helps maintain clearer organization and control over who gets what access in your network environment.
Question #8
When creating new IOCs in IOC management, which of the following fields must be configured?
- A. Hash, Description, Filename
- B. Hash, Action and Expiry Date
- C. Filename, Severity and Expiry Date
- D. Hash, Platform and Action (Most Voted)
Correct Answer: D

The correct answer is D) Hash, Platform, and Action. This is because when you create new Indicators of Compromise (IOCs) in CrowdStrike's IOC management, the system requires specific identifiers and actions to effectively manage the security measure. Hash ensures a unique identifier; the platform specifies the operating system or environment affected; and the action dictates how the Falcon system should respond when it encounters the IOC. Such configuration helps in tailoring the response to specific threats accurately.
Question #9
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fulfil this requirement?
- A. Remediation Manager
- B. Real Time Responder – Read Only Analyst (Most Voted)
- C. Falcon Analyst – Read Only
- D. Real Time Responder – Active Responder
Correct Answer: C

The correct role to allow Falcon Analysts to view files and file contents on compromised hosts, without extraction capabilities, is indeed the Falcon Analyst – Read Only role. This specialized role is tailored to enhance visibility while securing sensitive data by restricting the removal capabilities, aligning perfectly with the requirements stated by a CISO for heightened, yet controlled, access to file contents on compromised systems. This ensures compliance with security protocols and preserves the integrity and confidentiality of the investigation.
Question #10
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?
- A. USB Device Policy
- B. Firewall Rule Group
- C. Containment Policy
- D. Machine Learning Exclusions (Most Voted)
Correct Answer: C

The correct approach here is using Machine Learning Exclusions. This feature enables you to set exclusions for specific files and directories. By configuring these exclusions, you can reduce false positives effectively for areas such as your "devcode" folder, where frequent benign activities are flagged due to developmental testing activities. This method ensures these regions are overlooked by the machine learning detection engine, optimizing your security efforts without compromising development processes.