CrowdStrike CCFA Exam Practice Questions (P. 3)
Question #11
How do you disable all detections for a host?
- A. Create an exclusion rule and apply it to the machine or group of machines
- B. Contact support and provide them with the Agent ID (AID) for the machine and they will put it on the Disabled Hosts list in your Customer ID (CID)
- C. You cannot disable all detections on individual hosts as it would put them at risk
- D. In Host Management, select the host and then choose the option to Disable Detections (Most Voted)
Correct Answer: D
D is indeed the correct choice for disabling all detections on a host within the CrowdStrike Falcon platform. You can access this option directly through the Host Management section. Once you select the specific host, you'll find an option to 'Disable Detections'. This functionality is useful for conducting certain administrative tasks where the detection might interfere with legitimate applications or maintenance activities. Remember, utilizing this feature should be done with caution, considering the potential security risks involved when detections are disabled.
Question #12
To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?
- A. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead (Most Voted)
- B. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only
- C. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block
- D. Using IOC management, import the list of hashes and IP addresses and set the action to No Action
Correct Answer: C
It's important to clarify that IOC (Indicator of Compromise) management in CrowdStrike enables users to set actions such as "Detect Only" or "No Action" for listed hashes, IPs, and domains. It does not facilitate direct blocking capabilities. Thus, to block or take immediate action against threats linked with specific domains or IP addresses, configuring a Custom IOA (Indicator of Attack) Rule is the appropriate approach. This allows for tailored responses, such as "Kill Process," which effectively serves the blocking function.
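The following is an added example, not code from this page or from CrowdStrike: a small pre-flight validator for an IOC import list. It classifies each line as a domain, IPv4, IPv6, SHA-256 or MD5 indicator and builds the per-indicator records you would hand to the IOC API, applying the rule stated in the explanation above that domain and IP indicators support only detect or no-action while a prevent (block) action is reserved for file hashes. The field names (`type`, `value`, `action`, `platforms`, `applied_globally`) are modelled on the Falcon IOC API but are an assumption here; check them against your tenant's API documentation before use. The sample indicator list is constructed for the example.

```python
import ipaddress
import re

# Assumed indicator types and lengths (hex digits) for hash IOCs.
HASH_TYPES = {"sha256": 64, "md5": 32}

# Conservative hostname check: dot-separated labels, no leading/trailing hyphen,
# alphabetic top-level label. Good enough for a pre-flight sanity check.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$", re.IGNORECASE
)

VALID_ACTIONS = {"no_action", "detect", "prevent"}

# Assumption taken from the explanation above: blocking (prevent) applies to
# file hashes only; domains and IPs can only be detected or ignored.
ALLOWED_ACTIONS = {
    "sha256": {"no_action", "detect", "prevent"},
    "md5": {"no_action", "detect", "prevent"},
    "domain": {"no_action", "detect"},
    "ipv4": {"no_action", "detect"},
    "ipv6": {"no_action", "detect"},
}


def classify(value: str) -> str:
    """Return the IOC type for a raw indicator string, or raise ValueError."""
    v = value.strip()
    try:
        ip = ipaddress.ip_address(v)
        return "ipv4" if ip.version == 4 else "ipv6"
    except ValueError:
        pass
    lowered = v.lower()
    for name, length in HASH_TYPES.items():
        if len(lowered) == length and all(c in "0123456789abcdef" for c in lowered):
            return name
    if DOMAIN_RE.match(v):
        return "domain"
    raise ValueError(f"unrecognised indicator: {value!r}")


def build_iocs(lines, action, platforms=("windows", "mac", "linux")):
    """Turn a list of raw indicator lines into IOC records plus a rejection list.

    Blank lines and '#' comments are skipped. An entry is rejected when it cannot
    be classified or when the requested action is not allowed for its type.
    """
    if action not in VALID_ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    iocs, rejected = [], []
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        try:
            ioc_type = classify(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if action not in ALLOWED_ACTIONS[ioc_type]:
            rejected.append((raw, f"action {action!r} not supported for type {ioc_type}"))
            continue
        # Hashes and domains are case-insensitive; normalise them to lower case.
        value = raw.lower() if ioc_type in HASH_TYPES or ioc_type == "domain" else raw
        iocs.append({
            "type": ioc_type,          # assumed API field name
            "value": value,            # assumed API field name
            "action": action,          # assumed API field name
            "platforms": list(platforms),
            "applied_globally": True,  # assumed API field name
        })
    return iocs, rejected


# Constructed sample import list (not real threat intelligence).
SAMPLE = [
    "# constructed sample list",
    "evil.example.com",
    "203.0.113.10",
    "2001:db8::1",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "d41d8cd98f00b204e9800998ecf8427e",
    "not a domain!!",
]

if __name__ == "__main__":
    for act in ("detect", "prevent"):
        ok, bad = build_iocs(SAMPLE, act)
        print(f"{act}: {len(ok)} accepted, {len(bad)} rejected")
        for value, reason in bad:
            print(f"  rejected {value!r}: {reason}")
```

Running it with `detect` accepts the five well-formed indicators and rejects only the malformed line; with `prevent` only the two hashes are accepted, which is the practical reason a domain/IP blocking requirement is usually met with a Custom IOA rule rather than an IOC import.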
Question #13
Which role is required to manage groups and policies in Falcon?
- A. Falcon Host Analyst
- B. Falcon Host Administrator (Most Voted)
- C. Prevention Hashes Manager
- D. Falcon Host Security Lead
Correct Answer: B
The correct role required to manage groups and policies within the Falcon platform is indeed the Falcon Host Administrator. This role grants the necessary permissions to modify group settings and policy configurations crucial for managing the security environment effectively. This designation specifically combines administrative capabilities with a focus on host-level operations, distinguishing it from other roles that may not directly involve policy management aspects.
Question #14
Which of the following can a Falcon Administrator edit in an existing user's profile?
- A. First or Last name (Most Voted)
- B. Phone number
- C. Email address
- D. Working groups
Correct Answer: D
The correct option, editing "working groups" in a user's profile, is a key function allowed in CrowdStrike Falcon, enabling administrators to assign users to specific groups based on operational needs. Despite some confusion with terminology, 'working groups' here refers to roles or teams within the Falcon platform, essential for managing user access and responsibilities effectively. Always ensure to refer to the latest CrowdStrike documentation or system interface for the most accurate information.
Question #15
You want the Falcon Cloud to push out sensor version changes but you also want to manually control when the sensor version is upgraded or downgraded. In the Sensor Update policy, which is the best Sensor version option to achieve these requirements?
- A. Specific sensor version number (Most Voted)
- B. Auto - TEST-QA
- C. Sensor version updates off
- D. Auto - N-1
Correct Answer: A
Choosing 'Specific sensor version number' gives you control over when to upgrade or downgrade the sensor version, aligning perfectly with the need for both automation and manual intervention. Options B and D will automate the process without your consent for each change, while option C removes the automation aspect completely, requiring manual updates only. So, A is indeed the best choice for maintaining a balance between automatic updates and manual control.