CrowdStrike CCFA-200b 시험

Question No : 1

How can you find a list of hosts that have not communicated with the CrowdStrike Cloud in the last 30 days?

• A.Under Dashboards and reports, choose the Sensor Report. Set the "Last Seen" dropdown to 30 days and reference the Inactive Sensors widget
• B.Under Host setup and management, choose the Host Management page. Set the group filter to "Inactive Sensors"
• C.Under Host setup and management > Managed endpoints > Inactive Sensors. Change the time range to 30 days
• D.Under Host setup and management, choose the Disabled Sensors Report. Change the time range to 30 days

답을 확인하기

정답:

Question No : 2

With Custom Alerts, it is possible to __________.

• A.schedule the alert to run at any interval
• B.receive an alert in an email
• C.configure prevention actions for alerting
• D.be alerted to activity in real-time

답을 확인하기

정답:

Question No : 3

Custom IOA rules are defined using which syntax?

• A.Glob
• B.PowerShell
• C.Yara
• D.Regex

답을 확인하기

정답:

Question No : 4

Which of the following is an effective Custom IOA rule pattern to kill any process attempting to access www.badguydomain.com?

• A..*badguydomain.com.*
• B.\Device\HarddiskVolume2\*.exe -SingleArgument www.badguydomain.com /kill
• C.badguydomain\.com.*
• D.Custom IOA rules cannot be created for domains

답을 확인하기

정답:

Question No : 5

If a user wanted to install an older version of the Falcon sensor, how would they find the older installer file?

• A.Older versions of the sensor are not available for download
• B.By emailing CrowdStrike support at [email protected]
• C.By installing the current sensor and clicking the "downgrade" button during the install
• D.By clicking on "Older versions" links under the Host setup and management > Deploy >Sensor downloads

답을 확인하기

정답:

Question No : 6

What information is provided in Logan Activities under Visibility Reports?

• A.A list of all logons for all users
• B.A list of last endpoints that a user logged in to
• C.A list of users who are remotely logged on to devices based on local IP and local port
• D.A list of unique users who are remotely logged on to devices based on the country

답을 확인하기

정답:

Question No : 7

Why is it critical to have separate sensor update policies for Windows/Mac/*nix?

• A.There may be special considerations for each OS
• B.To assist with testing and tracking sensor rollouts
• C.The network protocols are different for each host OS
• D.It is an auditing requirement

답을 확인하기

정답:

Question No : 8

An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

• A.File exclusions are not aligned to groups or hosts
• B.There is a limit of three groups of hosts applied to any exclusion
• C.There is no limit and exclusions can be applied to any or all groups
• D.Each exclusion can be aligned to only one group of hosts

답을 확인하기

정답:

Question No : 9

Which of the following applies to Custom Blocking Prevention Policy settings?

• A.Hashes must be entered on the Prevention Hashes page before they can be blocked via this policy
• B.Blocklisting applies to hashes, IP addresses, and domains
• C.Executions blocked via hash blocklist may have partially executed prior to hash calculation process remediation may be necessary
• D.You can only blocklist hashes via the API

답을 확인하기

정답:

Question No : 10

Where do you obtain the Windows sensor installer for CrowdStrike Falcon?

• A.Sensors are downloaded from the Hosts > Sensor Downloads
• B.Sensor installers are unique to each customer and must be obtained from support
• C.Sensor installers are downloaded from the Support section of the CrowdStrike website
• D.Sensor installers are not used because sensors are deployed from within Falcon

답을 확인하기

정답:

Question No : 11

How do you assign a Prevention policy to one or more hosts?

• A.Create a new policy and assign it directly to those hosts on the Host Management page
• B.Modify the users roles on the User Management page
• C.Ensure the hosts are in a group and assign that group to a custom Prevention policy
• D.Create a new policy and assign it directly to those hosts on the Prevention policy page

답을 확인하기

정답:

Question No : 12

Which is a filter within the Host setup and management > Host management page?

• A.User name
• B.OU
• C.BIOS Version
• D.Locality

답을 확인하기

정답:

Question No : 13

You have been provided with a list of 100 hashes that are not malicious but your company has deemed to be inappropriate for work computers. They have asked you to ensure that they are not allowed to run in your environment. You have chosen to use Falcon to do this.
Which is the best way to accomplish this?

• A.Using the Support Portal, create a support ticket and include the list of binary hashes, asking support to create an "Execution Prevention" rule to prevent these processes from running
• B.Using Custom Alerts in the Investigate App, create a new alert using the template"Process Execution" and within that rule, select the option to "Block Execution"
• C.Using IOC Management, gather the list of SHA256 or MD5 hashes for each binary and then upload them. Set all hashes to "Block" and ensure that the prevention policy these computers are using includes the option for "Custom Blocking" under Execution Blocking.
• D.Using the API, gather the list of SHA256 or MD5 hashes for each binary and then upload them, setting them all to "Never Allow"

답을 확인하기

정답:

Question No : 14

You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message.
What is the best way to update the workflow?

• A.Clone the workflow and replace the existing email with your CISO's email
• B.Add a sequential action to send a custom email to your CISO
• C.Add a parallel action to send a custom email to your CISO
• D.Add the CISO's email to the existing action

답을 확인하기

정답:

Question No : 15

The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks.
Which statement is TRUE concerning Falcon sensor certificate validation?

• A.SSL inspection should be configured to occur on all Falcon traffic
• B.Some network configurations, such as deep packet inspection, interfere with certificate validation
• C.HTTPS interception should be enabled to proceed with certificate validation
• D.Common sources of interference with certificate pinning include protocol race conditions and resource contention

답을 확인하기

정답: