無料CrowdStrike CCFA-200プレミアム試験エンジンPDFをダウンロード 更新された152問があります [Q16-Q32]

Share

無料CrowdStrike CCFA-200プレミアム試験エンジンPDFをダウンロード 更新された152問があります

検証済みCCFA-200リアル試験問題集PDF豪華お試しセット

質問 # 16
How do you assign a Prevention policy to one or more hosts?

  • A. Create a new policy and assign it directly to those hosts on the Host Management page
  • B. Create a new policy and assign it directly to those hosts on the Prevention policy page
  • C. Ensure the hosts are in a group and assign that group to a custom Prevention policy
  • D. Modify the users roles on the User Management page

正解:C


質問 # 17
On a Windows host, what is the best command to determine if the sensor is currently running?

  • A. sc query csagent
  • B. netstat -a
  • C. ping falcon.crowdstrike.com
  • D. This cannot be accomplished with a command

正解:A

解説:
Explanation
On a Windows host, the best command to determine if the sensor is currently running is sc query csagent. This command will show the status of the csagent service, which is responsible for running the sensor on Windows systems. The output of this command will indicate if the service is running, stopped, or paused. If the service is running, the sensor is also running3.
References: 3: How to Become a CrowdStrike Certified Falcon Administrator


質問 # 18
What is the name for the unique host identifier in Falcon assigned to each sensor during sensor installation?

  • A. Security ID (SID)
  • B. Agent ID (AID)
  • C. Computer ID (CID)
  • D. Endpoint ID (EID)

正解:B

解説:
Explanation
The name for the unique host identifier in Falcon assigned to each sensor during sensor installation is Agent ID (AID). The AID is a 32-character hexadecimal string that uniquely identifies each sensor and host in the Falcon platform. The other options are either incorrect or not related to the sensor identifier.
Reference: CrowdStrike Falcon User Guide, page 28.


質問 # 19
Why is it important to know your company's event data retention limits in the Falcon platform?

  • A. Data such as process records are kept for a shorter time than event data
  • B. This is not necessary; you simply select "All Time" in your query to search all data
  • C. You will not be able to search event data into the past beyond your retention period
  • D. Your query will require you to specify the data pool associated with the date you wish to search

正解:C


質問 # 20
Which exclusion pattern will prevent detections on a file at C:\Program Files\My Program\My Files\program.exe?

  • A. *\*
  • B. \Program Files\My Program\*
  • C. *\Program Files\My Program\*\
  • D. \Program Files\My Program\My Files\*

正解:D


質問 # 21
What is the primary purpose of using glob syntax in an exclusion?

  • A. To specify a network share be excluded from detections
  • B. To specify a Domain be excluded from detections
  • C. To specify exclusion patterns to easily add files and folders and extensions to be prevented
  • D. To specify exclusion patterns to easily exclude files and folders and extensions from detections

正解:D


質問 # 22
What best describes the relationship between Sensor Update policies and Operating Systems?

  • A. Windows and Mac share Sensor Update policies. Linux requires its own set of polices based on the different kernel versions
  • B. A Sensor Update policy must be configured for each Operating System (Windows, Mac, Linux)
  • C. Sensor Update polices are not Operating System specific. One policy can be applied to all Operating Systems
  • D. Windows has its own Sensor Update polices. But Mac and Linux share Sensor Update policies

正解:B

解説:
Explanation
The option that describes the relationship between Sensor Update policies and Operating Systems is that a Sensor Update policy must be configured for each Operating System (Windows, Mac, Linux). This option is essentially a repetition of question 141 and its answer. Sensor Update policies are specific to each operating system type, as different operating systems have different sensor versions, features, and requirements. Therefore, you need to create and assign separate Sensor Update policies for each operating system type in your environment1.
References: 1: Falcon Administrator Learning Path | Infographic | CrowdStrike


質問 # 23
Where can you find your company's Customer ID (CID)?

  • A. The CID is located at Hosts > Host Management
  • B. The CID is located at Hosts setup and management > Deploy > Sensor Downloads and is listed along with the checksum
  • C. The CID is only available by calling support
  • D. The CID is a secret key used for Falcon communication and is never shared with the customer

正解:B

解説:
Explanation
The CID (Customer ID) is located at Hosts setup and management > Deploy > Sensor Downloads and is listed along with the checksum. The CID is a unique identifier for your organization that is required for authenticating your sensor installation and communication with the Falcon cloud. The checksum is a value that verifies the integrity of the sensor download file. You can find your CID and checksum at the top of the Sensor Downloads page1.
References: 1: Falcon Administrator Learning Path | Infographic | CrowdStrike


質問 # 24
When a host belongs to more than one host group, how is sensor update precedence determined?

  • A. Sensors of hosts that belong to more than one group must be manually updated
  • B. The highest precedence policy from the most important group is applied to the host
  • C. Groups have no impact on sensor update policies
  • D. All of the host's groups are examined in aggregate and the policy with highest precedence is applied to the host

正解:D

解説:
Explanation
The option that describes how sensor update precedence is determined when a host belongs to more than one host group is that all of the host's groups are examined in aggregate and the policy with highest precedence is applied to the host. A Sensor Update policy is a policy that controls how and when the Falcon sensor is updated on a host. You can create and assign custom Sensor Update policies to different hosts or groups in your environment. Each Sensor Update policy has a precedence value, which determines its priority over other policies. The higher the precedence value, the higher the priority. If a host belongs to more than one host group, each with a different Sensor Update policy assigned, then all of the host's groups are examined in aggregate and the policy with highest precedence among them is applied to the host.
References: : [Falcon Administrator Learning Path | Infographic | CrowdStrike]


質問 # 25
After Network Containing a host, your Incident Response team states they are unable to remotely connect to the host. Which of the following would need to be configured to allow remote connections from specified IP's?

  • A. Response Policy
  • B. Maintenance Token
  • C. IP Allowlist Management
  • D. Containment Policy

正解:C

解説:
Explanation
The option that would need to be configured to allow remote connections from specified IP's after network containing a host is IP Allowlist Management. IP Allowlist Management allows you to define a list of trusted IP addresses that can communicate with your contained hosts. This way, you can isolate a host from the network while still allowing your incident response team or other authorized parties to remotely connect to the host for investigation or remediation purposes2.
References: 2: Cybersecurity Resources | CrowdStrike


質問 # 26
You need to export a list of all deletions for a specific Host Name in the last 24 hours. What is the best way to do this?

  • A. Utilize the Detection Activity Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detections by Host" section
  • B. Go to Host Management in the Host page. Select the host and use the Export Detections button
  • C. In the Investigate module, access the Detection Activity page. Use the filters to focus on the appropriate hostname and time, then export the results
  • D. Utilize the Detection Resolution Dashboard. Use the filters to focus on the appropriate hostname and time, then export the results from the "Detection Resolution History" section

正解:C

解説:
Explanation
The best way to export a list of all deletions for a specific Host Name in the last 24 hours is to go to the Investigate module, access the Detection Activity page, use the filters to focus on the appropriate hostname and time, then export the results. This will allow you to download a CSV file that contains information about all the detections that were deleted for that host in that time period. The other options are either incorrect or not related to exporting deletions. Reference: CrowdStrike Falcon User Guide, page 49.


質問 # 27
What are custom alerts based on?

  • A. Custom workflows
  • B. User defined Splunk queries
  • C. Predefined alert templates
  • D. Custom event based triggers

正解:C

解説:
Explanation
Scheduling a Custom Alert for your environment consists of three steps: choosing the template you'd like to configure, previewing the search results, then scheduling the alert. Use Custom Alerts to configure email alerts using predefined templates so you're notified about specific activity in your environment. When an alert runs and finds results, it sends an email to specified recipients instead of generating a new detection. Custom Alerts let you set up email alerts based on predefined templates that cover a wide range of topics including Real Time Response session initiation, host containment, OS security settings, and more that are not yet covered by notification workflows.


質問 # 28
Custom IOA rules are defined using which syntax?

  • A. Regex
  • B. PowerShell
  • C. Glob
  • D. Yara

正解:B


質問 # 29
When a host is placed in Network Containment, which of the following is TRUE?

  • A. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and traffic allowed in the Firewall Policy
  • B. The host machine is unable to send or receive network traffic except to/from the Falcon Cloud and any resources allowlisted in the Containment Policy
  • C. The host machine is unable to send or receive network traffic outside of the local network
  • D. The host machine is unable to send or receive any network traffic

正解:B


質問 # 30
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?

  • A. Enable the Client Secret column to reveal the API client secret
  • B. The API client secret cannot be retrieved after it has been created
  • C. The API client secret can be viewed from the Edit API client pop-up box
  • D. Re-create the API client using the exact name to see the API client secret

正解:A


質問 # 31
What model is used to create workflows that would allow you to create custom notifications based on particular events which occur in the Falcon platform?

  • A. Event trigger(s)
  • B. Trigger, condition(s) and action(s)
  • C. For - While statement(s)
  • D. Predefined workflow template(s)

正解:B


質問 # 32
......

あなたを合格させるCrowdStrike試験にCCFA-200試験問題集:https://jp.fast2test.com/CCFA-200-premium-file.html

CCFA-200問題集PDF最新 [2023年最新] 究極の学習ガイド:https://drive.google.com/open?id=1IBaTeD2A02lTr9bj8WsUlxPArNNLT2LR


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어