Pass CCFA-200 Exam Questions ~ 100% success in initial try

Question No 1

What is the function of a single asterisk (*) in an ML exclusion pattern?

Choose the Choices:

The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path

The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path

The single asterisk is the insertion point for the variable list that follows the path

The single asterisk is only used to start an expression, and it represents the drive letter

Question No 2

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

Choose the Choices:

Contact support and request that they modify the Machine Learning settings to no longer include this detection

Using IOC Management, add the hash of the binary in question and set the action to "Allow"

Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"

Using IOC Management, add the hash of the binary in question and set the action to "No Action"

Question No 3

What is the purpose of a containment policy?

Choose the Choices:

To define which Falcon analysts can contain endpoints

To define the duration of Network Containment

To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)

To define allowed IP addresses over which your hosts will communicate when contained

Question No 4

An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

Choose the Choices:

File exclusions are not aligned to groups or hosts

There is a limit of three groups of hosts applied to any exclusion

There is no limit and exclusions can be applied to any or all groups

Each exclusion can be aligned to only one group of hosts

Question No 5

Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?

Choose the Choices:

Practice CrowdStrike CCFA-200 Exam Questions

Question No 1

Question No 2

Question No 3

Question No 4

Question No 5

CCFA-200 Exam Features

CCFA-200 PDF Dumps