Instant Access CrowdStrike.CCFA-200.v2023-05-15.q34 Actual Practice Test Engine for Free (Page 3)

Question 6

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

A.Using IOC Management, add the hash of the binary in question and set the action to "Allow"
B.Using IOC Management, add the hash of the binary in question and set the action to "No Action"
C.Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
D.Contact support and request that they modify the Machine Learning settings to no longer include this detection

Question 7

What impact does disabling detections on a host have on an API?

A.Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed
B.Endpoints with detections disabled will not alert on anything until detections are enabled again
C.DetectionSummaryEvent stops sending to the Streaming API for that host
D.Endpoints cannot have their detections disabled individually

Question 8

You want to create a detection-only policy. How do you set this up in your policy's settings?

A.You can't create a policy that detects but does not prevent. Use Custom IOA rules to detect.
B.Select the "Detect-Only" template. Disable hash blocking and exclusions.
C.Enable the detection sliders and disable the prevention sliders. Then ensure that Next Gen Antivirus is enabled so it will disable Windows Defender.
D.Set the Next-Gen Antivirus detection settings to the desired detection level and all the prevention sliders to disabled. Do not activate any of the other blocking or malware prevention options.

Question 9

You are attempting to install the Falcon sensor on a host with a slow Internet connection and the installation fails after 20 minutes. Which of the following parameters can be used to override the 20 minute default provisioning window?

A.Timeout=0
B.ProvNoWait=1
C.Timeout=30
D.ExtendedWindow=1

Question 10

Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?

A.Remediation Manager
B.Real Time Responder
C.Falcon Investigator
D.Endpoint Manager

Question 6

Question 7

Question 8

Question 9

Question 10

Download PDF File