CCFA 200
Q: 1
You are tasked with creating a custom Indicator of Attack (IOA) rule to monitor employees using
non-standard web browsers that could indicate shadow IT activity. Which of the following rule
conditions would best achieve this objective?
Options
Q: 2
An inactive host that does not contact the Falcon cloud will be automatically removed from the Host
Management and Trash pages after how many days?
Options
Q: 3
When uninstalling a sensor, which of the following is required if the 'Uninstall and maintenance
protection' setting is enabled within the Sensor Update Policies?
Options
Q: 4
What is the purpose of precedence with respect to the Sensor Update policy?
Options
Q: 5
How do you disable all detections for a host?
Options
Q: 6
Which role in the Falcon console is required to create and manage API keys for integrating third-party
applications with CrowdStrike services?
Options
Q: 7
An analyst is asked to retrieve an API client secret from a previously generated key. How can they
achieve this?
Options
Q: 8
On which page of the Falcon console would you create sensor groups?
Options
Q: 9
What is the primary cause of a CrowdStrike Falcon sensor entering Reduced Functionality Mode (RFM)?
Options
Q: 10
You are configuring the prevention policy for endpoints in the CrowdStrike Falcon console. Which of the
following settings is most appropriate for preventing ransomware attacks while minimizing the risk of
false positives?
Options