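The most popular CCFA-200b study material, covering real CrowdStrike Falcon Administrator CCFA-200b exam questions
The PDFExamDumps team of CrowdStrike experts has used its own knowledge and experience to research the latest short-term, effective training method. This training method is very helpful: it lets you reach the expected result in a short time, and candidates who study while working in particular can save time and effort. By choosing the PDFExamDumps training material you will get the CCFA-200b training material you want most.
Latest CrowdStrike Certified Falcon Administrator CCFA-200b free exam questions (Q139-Q144):
Question #139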
You are beginning the rollout of the Falcon Sensor for the first time side-by-side with your existing security solution. You need to configure the Machine Learning levels of the Prevention Policy so it does not interfere with existing solutions during the testing phase. What settings do you choose?
A. Detection slider: Extra Aggressive
Prevention slider: Cautious
B. Detection slider: Cautious
Prevention slider: Cautious
C. Detection slider: Moderate
Prevention slider: Disabled
D. Detection slider: Disabled
Prevention slider: Disabled
Answer: B
Explanation:
The best settings to configure the Machine Learning levels of the Prevention Policy so it does not interfere with existing solutions during the testing phase are Cautious for both Detection and Prevention sliders. This setting will enable the sensor to detect and prevent only high-confidence malicious events, while allowing low-confidence events to run without interference. This setting will also generate less noise and false positives than higher settings, such as Moderate or Extra Aggressive.
Question #140
What information is provided in Logon Activities under Visibility Reports?
A. A list of last endpoints that a user logged in to
B. A list of unique users who are remotely logged on to devices based on the country
C. A list of users who are remotely logged on to devices based on local IP and local port
D. A list of all logons for all users
Answer: A
Explanation:
The Logon Activities report under Visibility Reports provides a list of last endpoints that a user logged in to. This report shows the user name, domain name, logon type, logon time and endpoint name for each logon event. The other options are either incorrect or not related to the report.
Question #141
When creating a custom IOA for a specific domain, which syntax would be best for detecting or preventing on all subdomains as well?
A. *baddomain.xyz|baddomain.xyz.*
B. Custom IOA rules cannot be created for domains
C. **baddomain.xyz|baddomain.xyz**
D. *.baddomain.xyz|baddomain.xyz
Answer: D
Explanation:
The syntax that would be best for detecting or preventing on all subdomains as well is *.baddomain.xyz|baddomain.xyz. This syntax will match any domain that ends with .baddomain.xyz or is exactly baddomain.xyz. The * wildcard will match any characters before the dot, and the | operator will match either side of the expression. This syntax can be used in a Custom IOC or a Custom IOA rule to detect or prevent network connections to malicious domains.
Question #142
Once an exclusion is saved, what can be edited in the future?
A. Only the options to "Detect/Block" and/or "File Extraction" can be changed
B. The exclusion pattern cannot be changed
C. All parts of the exclusion can be changed
D. Only the selected groups and hosts to which the exclusion is applied can be changed
Answer: C
Explanation:
Once an exclusion is saved, all parts of the exclusion can be changed in the future. The administrator can edit an existing exclusion by selecting it from the Exclusions page and modifying any of its fields, such as pattern, type, option, group or host. The other options are either incorrect or not true of editing exclusions.
Question #143
What default user role can manage API credentials?