
まもなく無料セール終了!リアルCCFA-200のPDF解答で合格せよ [2022年11月11日]
最新の2022年11月試験CCFA-200問題集合格できる認証試験合格させます
質問 59
On a Windows host, what is the best command to determine if the sensor is currently running?
- A. This cannot be accomplished with a command
- B. sc query csagent
- C. netstat -a
- D. ping falcon.crowdstrike.com
正解: B
質問 60
In order to quarantine files on the host, what prevention policy settings must be enabled?
- A. Behavior-Based Threat Prevention sliders and Advanced Remediation Actions must be enabled
- B. Next-Gen Antivirus Prevention sliders and "Quarantine & Security Center Registration" must be enabled
- C. Malware Protection and Custom Execution Blocking must be enabled
- D. Malware Protection and Windows Anti-Malware Execution Blocking must be enabled
正解: D
質問 61
You want to create a detection-only policy. How do you set this up in your policy's settings?
- A. You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect.
- B. Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.
- C. Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender.
- D. Select the "Detect-Only" template. Disable hash blocking and exclusions.
正解: B
質問 62
When creating new IOCs in IOC management, which of the following fields must be configured?
- A. Filename, Severity and Expiry Date
- B. Hash, Action and Expiry Date
- C. Hash, Platform and Action
- D. Hash, Description, Filename
正解: C
質問 63
Why is it critical to have separate sensor update policies for Windows/Mac/*nix?
- A. The network protocols are different for each host OS
- B. To assist with testing and tracking sensor rollouts
- C. It is an auditing requirement
- D. There may be special considerations for each OS
正解: C
質問 64
An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?
- A. There is no limit and exclusions can be applied to any or all groups
- B. File exclusions are not aligned to groups or hosts
- C. Each exclusion can be aligned to only one group of hosts
- D. There is a limit of three groups of hosts applied to any exclusion
正解: D
質問 65
If a user wanted to install an older version of the Falcon sensor, how would they find the older installer file?
- A. By emailing CrowdStrike support at [email protected]
- B. By installing the current sensor and clicking the "downgrade" button during the install
- C. Older versions of the sensor are not available for download
- D. By clicking on "Older versions" links under the Host setup and management > Deploy > Sensor downloads
正解: D
質問 66
You have an existing workflow that is triggered on a critical detection that sends an email to the escalation team. Your CISO has asked to also be notified via email with a customized message. What is the best way to update the workflow?
- A. Clone the workflow and replace the existing email with your CISO's email
- B. Add the CISO's email to the existing action
- C. Add a parallel action to send a custom email to your CISO
- D. Add a sequential action to send a custom email to your CISO
正解: D
質問 67
How long are detection events kept in Falcon?
- A. Detection events are kept for 7 days
- B. Detection events are kept for 90 days
- C. Detections events are kept for your subscribed data retention period
- D. Detection events are kept for 30 days
正解: C
質問 68
How does the Unique Hosts Connecting to Countries Map help an administrator?
- A. It helps visualize global network communication
- B. It displays intrusions from foreign countries
- C. It highlights countries with known malware
- D. It identifies connections containing threats
正解: A
質問 69
Why is the ability to disable detections helpful?
- A. It gives users the ability to allowlist a false positive detection
- B. It gives users the ability to remove all data from hosts that have been uninstalled
- C. It gives users the ability to set up hosts to test detections and later remove them from the console
- D. It gives users the ability to uninstall the sensor from a host
正解: A
質問 70
Which of the following best describes the Default Sensor Update policy?
- A. The Default Sensor Update policy is a "catch-all" policy
- B. The Default Sensor Update policy is disabled by default
- C. The Default Sensor Update policy does not have the "Uninstall and maintenance protection" feature
- D. The Default Sensor Update policy is only used for testing sensor updates
正解: A
質問 71
When would the No Action option be assigned to a hash in IOC Management?
- A. Add the indicator to your blocklist and show it as a detection
- B. Add the indicator to your allowlist and do not detect it
- C. There is no such option as No Action available in the Falcon console
- D. When you want to save the indicator for later action, but do not want to block or allow it at this time
正解: D
質問 72
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fullfil this requirement?
- A. Real Time Responder - Read Only Analyst
- B. Falcon Analyst - Read Only
- C. Remediation Manager
- D. Real Time Responder - Active Responder
正解: B
質問 73
You are evaluating the most appropriate Prevention Policy Machine Learning slider settings for your environment. In your testing phase, you configure the Detection slider as Aggressive. After running the sensor with this configuration for 1 week of testing, which Audit report should you review to determine the best Machine Learning slider settings for your organization?
- A. Machine-Learning Prevention Monitoring
- B. Prevention Hashes Ignored
- C. Prevention Policy Audit Trail
- D. Prevention Policy Debug
正解: C
質問 74
Where do you obtain the Windows sensor installer for CrowdStrike Falcon?
- A. Sensor installers are not used because sensors are deployed from within Falcon
- B. Sensor installers are unique to each customer and must be obtained from support
- C. Sensor installers are downloaded from the Support section of the CrowdStrike website
- D. Sensors are downloaded from the Hosts > Sensor Downloads
正解: B
質問 75
Which option allows you to exclude behavioral detections from the detections page?
- A. IOC Exclusion
- B. IOA Exclusion
- C. Sensor Visibility Exclusion
- D. Machine Learning Exclusion
正解: D
質問 76
An analyst is asked to retrieve an API client secret from a previously generated key. How can they achieve this?
- A. Re-create the API client using the exact name to see the API client secret
- B. The API client secret can be viewed from the Edit API client pop-up box
- C. The API client secret cannot be retrieved after it has been created
- D. Enable the Client Secret column to reveal the API client secret
正解: D
質問 77
What command should be run to verify if a Windows sensor is running?
- A. regedit myfile.reg
- B. netstat -f
- C. ps -ef | grep falcon
- D. sc query csagent
正解: D
質問 78
Custom IOA rules are defined using which syntax?
- A. Yara
- B. Regex
- C. PowerShell
- D. Glob
正解: C
質問 79
Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?
- A. Remediation Manager
- B. Real Time Responder
- C. Falcon Investigator
- D. Endpoint Manager
正解: C
質問 80
What is the purpose of a containment policy?
- A. To define which Falcon analysts can contain endpoints
- B. To define the duration of Network Containment
- C. To define allowed IP addresses over which your hosts will communicate when contained
- D. To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)
正解: D
質問 81
......
CCFA-200問題集が合格させる、一日でCrowdStrike Certified Falcon Administrator試験合格:https://jp.fast2test.com/CCFA-200-premium-file.html
最新でリアルなCrowdStrike CCFA-200試験問題集解答:https://drive.google.com/open?id=1IBaTeD2A02lTr9bj8WsUlxPArNNLT2LR