CCFA-200 Pass the Exam & CCFA-200 Question Bundle. To pass the CrowdStrike CCFA-200 certification exam you can spend a great deal of time and effort reviewing the material and still risk failing. Choosing KaoGuTi's products lets you spend little money and pass the exam safely on the first attempt. I believe that in today's society, where time is so precious, KaoGuTi is the better choice for you. Moreover, among the many similar sites, KaoGuTi is the one that can give you the most assurance; choosing KaoGuTi is choosing success.

Latest CrowdStrike Certified Falcon Administrator CCFA-200 free exam questions (Q115-Q120):

Question #115
An analyst has reported they are not receiving workflow triggered notifications in the past few days. Where should you first check for potential failures?
A. Custom Alert History
B. Workflow Execution log
C. Workflow Audit log
D. Falcon UI Audit Trail
Answer: B
Question #116
Which of the following uses Regex to create a detection or take a preventative action?
A. Custom IOC
B. Machine Learning Exclusion
C. Custom IOA
D. Sensor Visibility Exclusion
Answer: C
Explanation:
The option that uses regex to create a detection or take a preventative action is Custom IOA. A Custom IOA (indicator of attack) allows you to define custom rules for detecting or preventing suspicious behavior based on process execution, file write, network connection, or registry events. You can use regex syntax to create a Custom IOA rule that matches the event data that you want to monitor or block [1].
References: [1] Falcon Administrator Learning Path | Infographic | CrowdStrike
Question #117
What is the primary purpose of using glob syntax in an exclusion?
A. To specify exclusion patterns to easily add files and folders and extensions to be prevented
B. To specify a Domain be excluded from detections
C. To specify exclusion patterns to easily exclude files and folders and extensions from detections
D. To specify a network share be excluded from detections
Answer: C
Question #118
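As an added illustration (not code from the original page or from CrowdStrike), the following Python sketch models the two mechanisms from questions #116 and #117 side by side: a regex-driven Custom IOA-style rule evaluated over constructed process events, and glob-syntax exclusions applied to the process image path so that trusted locations drop out of detection. The rule fields, the event keys, the "detect"/"prevent" action labels, the sample paths and the base64-looking argument are all assumptions made for this example, not Falcon's real schema or telemetry.

```python
# Hypothetical, simplified model of a regex-based Custom IOA-style rule plus
# glob-syntax exclusions. Added illustration only; not CrowdStrike's code.
import re
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class IoaRule:
    """Simplified rule: one regex on the process image path, one on the command line."""
    name: str
    action: str          # "detect" (alert only) or "prevent" (block), as modelled here
    image_regex: str
    cmdline_regex: str

    def matches(self, event):
        """True when both regexes match the event (case-insensitive, like most IOA matching)."""
        return (re.search(self.image_regex, event["image"], re.IGNORECASE) is not None
                and re.search(self.cmdline_regex, event["cmdline"], re.IGNORECASE) is not None)


def is_excluded(path, globs):
    """True if the path matches any glob-syntax exclusion pattern (* and ? wildcards)."""
    return any(fnmatchcase(path, g) for g in globs)


def evaluate(events, rules, exclusion_globs):
    """Return which rules fired for which events, and which matches an exclusion suppressed."""
    fired, suppressed = [], []
    for ev in events:
        for rule in rules:
            if not rule.matches(ev):
                continue
            if is_excluded(ev["image"], exclusion_globs):
                # Rule logic matched, but the image path is on an excluded path: no detection.
                suppressed.append((ev["id"], rule.name))
            else:
                fired.append((ev["id"], rule.name, rule.action))
    return {"fired": fired, "suppressed": suppressed}


# Constructed sample process events (not real telemetry); the base64-looking
# string is just "ABCDEFGHIJKLMNOPQRSTUVW" encoded, chosen as a placeholder.
EVENTS = [
    {"id": "evt-1",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand QUJDREVGR0hJSktMTU5PUFFSU1RVVlc="},
    {"id": "evt-2",
     "image": r"C:\Program Files\Approved Vendor\agent\vendorcli.exe",
     "cmdline": "vendorcli.exe -enc QUJDREVGR0hJSktMTU5PUFFSU1Q="},
    {"id": "evt-3",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},
]

# Hypothetical rule: any .exe whose command line carries an encoded-command argument.
RULES = [
    IoaRule(name="Encoded command line argument",
            action="detect",
            image_regex=r"\.exe$",
            cmdline_regex=r"-enc(odedcommand)?\s+[A-Za-z0-9+/=]{16,}"),
]

# Hypothetical glob exclusion: binaries shipped by an approved vendor are not detected on.
EXCLUSIONS = [r"C:\Program Files\Approved Vendor\*\*.exe"]

if __name__ == "__main__":
    result = evaluate(EVENTS, RULES, EXCLUSIONS)
    for ev_id, rule, action in result["fired"]:
        print(f"{ev_id}: rule '{rule}' fired, action={action}")
    for ev_id, rule in result["suppressed"]:
        print(f"{ev_id}: rule '{rule}' matched but was suppressed by an exclusion")
```

Running the block reports evt-1 as a detection and evt-2 as matched-but-suppressed; evt-3 never matches the regex. The point the two questions make is visible in `evaluate`: the regex decides whether the behaviour is interesting, while the glob pattern only removes trusted paths from the result, so an over-broad exclusion silently hides real matches.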
You have been asked to troubleshoot why Script Based Execution Monitoring (SBEM) is not enabled on a Falcon host. Which report can be used to determine if this is an issue with an old prevention policy?
A. Custom Alerting Audit Trail
B. Host Update Status Report
C. Prevention Policy Debug
D. SBEM Debug Report
Answer: C
Explanation:
The report that can be used to determine whether Script Based Execution Monitoring (SBEM) is not enabled on a Falcon host because of an old prevention policy is Prevention Policy Debug. The Prevention Policy Debug report allows you to view and compare the prevention policy settings applied to each host in your environment. You can use this report to identify any hosts that have outdated or inconsistent prevention policy settings, such as SBEM, which is a feature that monitors and prevents malicious script execution on Windows systems [1].
References: [1] Falcon Administrator Learning Path | Infographic | CrowdStrike
Question #119
You have created a Sensor Update Policy for the Mac platform. Which other operating system(s) will this policy manage?
A. *nix
B. Only Mac
C. Both Windows and *nix
D. Windows
Answer: B
Explanation:
A Sensor Update Policy for the Mac platform will only manage Mac operating systems. Sensor Update Policies are platform-specific, meaning that they only apply to hosts that have the same operating system as the policy. For example, a Sensor Update Policy for Windows will only manage Windows hosts, and a Sensor Update Policy for Linux will only manage Linux hosts. You cannot create a Sensor Update Policy that manages multiple operating systems at once [2].
References: [2] Cybersecurity Resources | CrowdStrike