CCFA-200b Sample Questions Answers

Questions 4

When searching for a host network address, which IP notation should be used?

Options:

A. 10 10105,1010108

B. 1010102,10 10107

C. 192.168.5.1/24

D. 192 168 5 1-100

Questions 5

Your security team is noticing that certain privacy-sensitive information such as the URL, HTTP Header and POST bodies are missing from HTTP related detections. What is likely the cause for this?

Options:

A. The prevention policy was configured to have an aggressive prevention setting, but only a cautious detection setting

B. The prevention policy has been configured to redact HTTP detection details

C. The network perimeter firewall blocked the HTTP connection attempts so there was nothing for Falcon to detect

D. The prevention policy was never configured to generate HTTP detections

Questions 6

What happens to policy assignment when a host does not match any custom host group criteria?

Options:

A. The last active policy remains

B. The default policy is applied

C. No policy is applied

D. The most restrictive policy is applied

Questions 7

You will be testing detections with pentest and security tooling on your host. How can a workflow be created to automatically assign any detection related to your pentest to yourself in real time?

Options:

A. Create an Event trigger workflow that triggers on an EPP Detection with an action to assign the detection to yourself

B. Create an Event trigger workflow that triggers on an EPP Detection with conditions looking for the desired hostname

C. Create an alert on usage of the tools and assign the alerts to you automatically via workflow

D. Create an IOC for the host to trigger associated detections and assign them to you via workflow

Questions 8

What is the primary purpose of audit logs in Falcon?

Options:

A. Trace file changes

B. Track configuration changes

C. Monitor system performance

Questions 9

You want to add an additional layer of security to high-risk Real Time Response commands for your environment. Where do you configure MFA for RTR within the UI?

Options:

A. General settings

B. Notifications

C. Response policies

D. Containment policy

Questions 10

Which role allows a Falcon user to create Real Time Response Custom Scripts?

Options:

A. Real Time Responder – Active Responder

B. Real Time Responder – Administrator

C. Real Time Responder – Read Only Analyst

D. Real Time Responder – Script Developer

Questions 11

Your development team is working on a new enterprise application, but Falcon starts creating alerts during testing. The alert points to “C:\Users\Bob\DevCode\felix.dll”. In the detection, you see that it is triggering only on a specific Falcon IOA. What would be the best course of action for this situation?

Options:

A. Create an IOA exclusion for “C:\Users\Bob\DevCode\felix.dll”

B. Create a Custom IOC and set it to “Allow” for “C:\Users\Bob\DevCode\felix.dll”

C. Manually turn off the built-in IOA through prevention policies

D. Create a sensor visibility exclusion for “C:\Users\Bob\DevCode\felix.dll”

Questions 12

Which report in Falcon can be used to determine the volume of blocked activity at a different prevention policy setting?

Options:

A. Falcon Prevention Policy Debug

B. Machine Learning Prevention Monitoring

C. Prevention Policy Audit Trail

Questions 13

You are attempting to install the Falcon sensor on a host with a slow internet connection, and the installation fails after 20 minutes. What parameter can be used to override the 20-minute default provisioning window?

Options:

A. Timeout=30

B. ProvNoWait=1

C. Timeout=0

D. DelayedStart=1

Questions 14

You have 100 hashes that have been prohibited by management and need to be blocked within your organization. Using Falcon, what is the best way to accomplish this?

Options:

A. Navigate to Configure > IOC Management. Add a custom IOC. Add the list of hashes. Set the action to Block. Verify the prevention policy includes Custom Blocking under Execution Blocking.

B. Navigate to Configure > Prevention policies. Add an IOC Policy. Add the list of hashes as CSV file. Set the action to Block. Verify Custom Execution Blocking is active.

C. Navigate to Configure > IOC Management. Add a custom Prevention Policy. Add the list of hashes. Set the action to Block. Verify the policy includes Custom Execution Blocking.

D. Navigate to Configure > Prevention policies. Add an IOC Policy. Add the list of hashes as CSV file. Set the action to Block and Alert. Verify Custom Blocking inside Execution Blocking is active.

Questions 15

What is the recommended approach for managing host groups over time?

Options:

A. Create separate groups for each department

B. Create groups based on IP ranges

C. Maintain multiple overlapping host groups

D. Minimize the number of groups

Questions 16

Where can you find hosts that have been offline for ten minutes or longer?

Options:

A. Host Management

B. Sensor Coverage Dashboard

C. Host Groups

Questions 17

What is the primary purpose of custom IOA rules?

Options:

A. Block known malware

B. Identify malicious behavior

C. Manage system updates

D. Configure network settings

Questions 18

After attempting to uninstall the Falcon sensor from a Windows endpoint, the process appears stuck. What troubleshooting step should be taken?

Options:

A. Reboot the system immediately

B. Force stop the sensor service in Task Manager

C. Delete the sensor directory manually

D. Check the CrowdStrike Windows Sensor log file for errors

Questions 19

Which report would show you an overview of the top ten most-applied policies by sensors in your environment?

Options:

A. Scheduled reports

B. Sensor report dashboard

C. Executive summary

D. Sensor policy daily report

Questions 20

When an API client is created, what two pieces of information must be generated as a pair to successfully identify and validate your API integrations?

Options:

A. Customer ID and Integration ID

B. Client ID and Secret

C. Customer ID and Secret

D. Client ID and OAuth2 ID

Questions 21

How can you search for multiple hostnames at the same time via Host Management?

Options:

A. Enter the multiple hostnames in the Hostname filter separating each by a comma

B. Add the Hostname filter multiple times and enter separate hostnames into each filter

C. Enter the multiple hostnames in the Hostname filter separating each by a decimal

D. Add the Multiple Hostnames filter and enter your list of hostnames

Questions 22

What best describes the relationship between Sensor Update policies and Operating Systems?

Options:

A. A Sensor Update policy must be configured for each Operating System (Windows, Mac, Linux)

B. Sensor Update policies are not Operating System specific; one policy can be applied to all Operating Systems

C. Windows has its own Sensor Update policies; Mac and Linux share Sensor Update policies

D. Windows and Mac share Sensor Update policies; Linux requires its own set of policies based on the different kernel versions

Questions 23

Your leadership wants controls in place for immediate action on any OverWatch detections. What should you do to ensure the host is contained quickly and notifies the appropriate staff?

Options:

A. Create a Fusion SOAR workflow using the OverWatch playbook to contain the host and email the SOC team

B. Create a Fusion SOAR workflow to contain the host and email the OverWatch team

C. Create a Fusion SOAR workflow to trigger on an OverWatch detection and set it to block the detection

D. Create a Fusion SOAR workflow to create a detection for OverWatch and email the SOC team

Questions 24

There are a significant number of false positive detections from your developers that are getting blocked and quarantined by Falcon. What Indicator of Compromise (IOC) action would be the best option?

Options:

A. Detect Only

B. Allow

C. Prevent

D. No action

Questions 25

What information can be found in the Real Time Response (RTR) Audit Log?

Options:

A. IP Address, Prevention Policy, recent detections, and host group assignment

B. Session end time, command return results, and file activity

C. Session start time, duration, user, hostname, commands used, and retrieved files

D. Real Time Response (RTR) information is not collected via audit logs

Questions 26

After enabling an IOA rule and its respective rule group, what else must be done for an IOA to be fully functional?

Options:

A. The rule must be manually triggered

B. Hosts must be individually selected to apply to the rule

C. The rule group must be assigned to a prevention policy

Questions 27

When creating your own Fusion SOAR workflow based on an Event trigger, which additional option will refine the trigger?

Options:

A. Condition

B. Parameter

C. Filter

D. Trigger Details

Questions 28

Where can you find a list of hosts that have not communicated with the CrowdStrike Cloud?

Options:

A. Host Groups

B. Inactive Sensors

C. Activity Dashboard

D. Sensor Report

Questions 29

Your development team is working on a new enterprise application, but Falcon starts creating alerts during testing. The alert points to C:\Users\Bob\DevCode\felix.dll. In the detection, you see that it is triggering only on a specific Falcon IOA. What action should be taken to resolve this issue?

Options:

A. Create an exclusion for the felix.dll file

B. Create an IOA exclusion for C:\Users\Bob\DevCode\felix.dll

C. Create a separate Host Group for development machines and apply a less restrictive policy

D. Create a Custom IOC and set it to Allow for C:\Users\Bob\DevCode\felix.dll

Questions 30

When would the No Action option be assigned to a hash in IOC Management?

Options:

A. When you want to save the indicator for later action, but do not want to block or allow it at this time

B. There is no such option as No Action available in the Falcon console

C. When you want to add the indicator to your allowlist, but not detect it

D. When you want to add the indicator to your blocklist and show it as a detection

Exam Code: CCFA-200b
Exam Name: CrowdStrike Falcon Certification Program
Last Update: Jul 2, 2026
Questions: 100