CCFA Actual Exam Questions

Last updated on Dec. 19, 2024.
Vendor:CrowdStrike
Exam Code:CCFA
Exam Name:CrowdStrike Certified Falcon Administrator
Exam Questions:185
 

Topic 1 - Exam A

Question #1 Topic 1

What is the function of a single asterisk (*) in an ML exclusion pattern?

  • A. The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path
  • B. The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path
  • C. The single asterisk is the insertion point for the variable list that follows the path
  • D. The single asterisk is only used to start an expression, and it represents the drive letter
Reveal Solution Hide Solution   Discussion   7

Correct Answer: B 🗳️

Question #2 Topic 1

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

  • A. Contact support and request that they modify the Machine Learning settings to no longer include this detection
  • B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"
  • C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
  • D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"
Reveal Solution Hide Solution   Discussion   8

Correct Answer: B 🗳️

Question #3 Topic 1

What is the purpose of a containment policy?

  • A. To define which Falcon analysts can contain endpoints
  • B. To define the duration of Network Containment
  • C. To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)
  • D. To define allowed IP addresses over which your hosts will communicate when contained
Reveal Solution Hide Solution   Discussion   13

Correct Answer: D 🗳️

Question #4 Topic 1

An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

  • A. File exclusions are not aligned to groups or hosts
  • B. There is a limit of three groups of hosts applied to any exclusion
  • C. There is no limit and exclusions can be applied to any or all groups
  • D. Each exclusion can be aligned to only one group of hosts
Reveal Solution Hide Solution   Discussion   8

Correct Answer: C 🗳️

file Viewing page 1 out of 47 pages.
Viewing questions 1-4 out of 185 questions
Next Questions
Browse atleast 50% to increase passing rate cup
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago