[Q59-Q81] まもなく無料セール終了!リアルCCFA-200のPDF解答で合格せよ [2022年11月11日]

Share

まもなく無料セール終了!リアルCCFA-200のPDF解答で合格せよ [2022年11月11日]

最新の2022年11月試験CCFA-200問題集合格できる認証試験合格させます

質問 59
On a Windows host, what is the best command to determine if the sensor is currently running?

  • A. This cannot be accomplished with a command
  • B. sc query csagent
  • C. netstat -a
  • D. ping falcon.crowdstrike.com

正解: B

 

質問 60
In order to quarantine files on the host, what prevention policy settings must be enabled?

  • A. Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled
  • B. Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled
  • C. Malware Protection and Custom Execution Blocking must be enabled
  • D. Malware Protection and Windows Anti-Malware Execution Blocking must be enabled

正解: D

 

質問 61
You want to create a detection-only policy. How do you set this up in your policy's settings?

  • A. You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect.
  • B. Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.
  • C. Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender.
  • D. Select the "Detect-Only" template. Disable hash blocking and exclusions.

正解: B

 

質問 62
When creating new IOCs in IOC management, which of the following fields must be configured?

  • A. Filename, Severity and Expiry Date
  • B. Hash, Action and Expiry Date
  • C. Hash, Platform and Action
  • D. Hash, Description, Filename

正解: C

 

質問 63
Why is it critical to have separate sensor update policies for Windows/Mac/*nix?

  • A. The network protocols are different for each host OS
  • B. To assist with testing and tracking sensor rollouts
  • C. It is an auditing requirement
  • D. There may be special considerations for each OS

正解: C

 

質問 64
An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

  • A. There is no limit and exclusions can be applied to any or all groups
  • B. File exclusions are not aligned to groups or hosts
  • C. Each exclusion can be aligned to only one group of hosts
  • D. There is a limit of three groups of hosts applied to any exclusion

正解: D

 

質問 65
If a user wanted to install an older version of the Falcon sensor, how would they find the older installer file?

  • A. By emailing CrowdStrike support at [email protected]
  • B. By installing the current sensor and clicking the "downgrade" button during the install
  • C. Older versions of the sensor are not available for download
  • D. By clicking on "Older versions" links under the Host setup and management > Deploy > Sensor downloads

正解: D

 

質問 66
You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message. What is the best way to update the workflow?

  • A. Clone the workflow and replace the existing email with your CISO's email
  • B. Add the CISO's email to the existing action
  • C. Add a parallel action to send a custom email to your CISO
  • D. Add a sequential action to send a custom email to your CISO

正解: D

 

質問 67
How long are detection events kept in Falcon?

  • A. Detection events are kept for 7 days
  • B. Detection events are kept for 90 days
  • C. Detections events are kept for your subscribed data retention period
  • D. Detection events are kept for 30 days

正解: C

 

質問 68
How does the Unique Hosts Connecting to Countries Map help an administrator?

  • A. It helps visualize global network communication
  • B. It displays intrusions from foreign countries
  • C. It highlights countries with known malware
  • D. It identifies connections containing threats

正解: A

 

質問 69
Why is the ability to disable detections helpful?

  • A. It gives users the ability to allowlist a false positive detection
  • B. It gives users the ability to remove all data from hosts that have been uninstalled
  • C. It gives users the ability to set up hosts to test detections and later remove them from the console
  • D. It gives users the ability to uninstall the sensor from a host

正解: A

 

質問 70
Which of the following best describes the Default Sensor Update policy?

  • A. The Default Sensor Update policy is a "catch-all" policy
  • B. The Default Sensor Update policy is disabled by default
  • C. The Default Sensor Update policy does not have the "Uninstall and maintenance protection" feature
  • D. The Default Sensor Update policy is only used for testing sensor updates

正解: A

 

質問 71
When would the No Action option be assigned to a hash in IOC Management?

  • A. Add the indicator to your blocklist and show it as a detection
  • B. Add the indicator to your allowlist and do not detect it
  • C. There is no such option as No Action available in the Falcon console
  • D. When you want to save the indicator for later action, but do not want to block or allow it at this time

正解: D

 

質問 72
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fullfil this requirement?

  • A. Real Time Responder - Read Only Analyst
  • B. Falcon Analyst - Read Only
  • C. Remediation Manager
  • D. Real Time Responder - Active Responder

正解: B

 

質問 73
You are evaluating the most appropriate Prevention Policy Machine Learning slider settings for your environment. In your testing phase, you configure the Detection slider as Aggressive. After running the sensor with this configuration for 1 week of testing, which Audit report should you review to determine the best Machine Learning slider settings for your organization?

  • A. Machine-Learning Prevention Monitoring
  • B. Prevention Hashes Ignored
  • C. Prevention Policy Audit Trail
  • D. Prevention Policy Debug

正解: C

 

質問 74
Where do you obtain the Windows sensor installer for CrowdStrike Falcon?

  • A. Sensor installers are not used because sensors are deployed from within Falcon
  • B. Sensor installers are unique to each customer and must be obtained from support
  • C. Sensor installers are downloaded from the Support section of the CrowdStrike website
  • D. Sensors are downloaded from the Hosts > Sensor Downloads

正解: B

 

質問 75
Which option allows you to exclude behavioral detections from the detections page?

  • A. IOC Exclusion
  • B. IOA Exclusion
  • C. Sensor Visibility Exclusion
  • D. Machine Learning Exclusion

正解: D

 

質問 76
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?

  • A. Re-create the API client using the exact name to see the API client secret
  • B. The API client secret can be viewed from the Edit API client pop-up box
  • C. The API client secret cannot be retrieved after it has been created
  • D. Enable the Client Secret column to reveal the API client secret

正解: D

 

質問 77
What command should be run to verify if a Windows sensor is running?

  • A. regedit myfile.reg
  • B. netstat -f
  • C. ps -ef | grep falcon
  • D. sc query csagent

正解: D

 

質問 78
Custom IOA rules are defined using which syntax?

  • A. Yara
  • B. Regex
  • C. PowerShell
  • D. Glob

正解: C

 

質問 79
Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?

  • A. Remediation Manager
  • B. Real Time Responder
  • C. Falcon Investigator
  • D. Endpoint Manager

正解: C

 

質問 80
What is the purpose of a containment policy?

  • A. To define which Falcon analysts can contain endpoints
  • B. To define the duration of Network Containment
  • C. To define allowed IP addresses over which your hosts will communicate when contained
  • D. To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)

正解: D

 

質問 81
......

CCFA-200問題集が合格させる、一日でCrowdStrike Certified Falcon Administrator試験合格:https://jp.fast2test.com/CCFA-200-premium-file.html

最新でリアルなCrowdStrike CCFA-200試験問題集解答:https://drive.google.com/open?id=1IBaTeD2A02lTr9bj8WsUlxPArNNLT2LR


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어