CrowdStrike CCFA-200 Exam Questions - Real Practice Questions for Guaranteed Success

Question 1

What is likely the reason your Windows host would be in Reduced Functionality Mode (RFM)?

AMicrosoft updates altering the kernel

BThe host lost internet connectivity

CA misconfiguration in your prevention policy for the host

DA Sensor Update Policy was misconfigured

Correct : B

The likely reason your Windows host would be in Reduced Functionality Mode (RFM) is that the host lost internet connectivity. RFM is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure. When a Windows sensor is in RFM, it will only provide basic prevention capabilities, such as blocking known malware hashes and preventing script execution from the %TEMP% directory.The sensor will not send any telemetry or detection events to the Falcon platform, and will not receive any policy or update changes from the Falcon cloud1. Losing internet connectivity is a common cause of RFM, as it prevents the sensor from communicating with the Falcon cloud. A misconfiguration in your prevention policy or sensor update policy will not cause RFM, as these policies are applied by the Falcon cloud and do not affect the sensor's license, network, or certificate status.Microsoft updates altering the kernel may cause compatibility issues with the sensor, but not RFM3.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AMicrosoft updates altering the kernel

BThe host lost internet connectivity

CA misconfiguration in your prevention policy for the host

DA Sensor Update Policy was misconfigured

0 / 1500

Question 2

On the Host management page which filter could be used to quickly identify all devices categorized as a "Workstation" by the Falcon Platform?

AStatus

BPlatform

CHostname

DType

Correct : D

The filter that could be used to quickly identify all devices categorized as a ''Workstation'' by the Falcon Platform on the Host Management page is Type. The Type filter allows you to filter hosts by their device type, such as workstation, server, or domain controller. The device type is assigned to each host based on their Active Directory domain structure.You can use the Type filter to quickly identify all hosts that have the workstation type assigned in their domain2.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AStatus

BPlatform

CHostname

DType

0 / 1500

Question 3

Where in the console can you find a list of all hosts in your environment that are in Reduced Functionality Mode (RFM)?

AHost Dashboard

BHost Management > Filter for RFM

CInactive Sensor Report

DContainment Policy

Correct : B

The place in the console where you can find a list of all hosts in your environment that are in Reduced Functionality Mode (RFM) is Host Management > Filter for RFM. The Host Management page allows you to view and manage all hosts in your environment that have Falcon sensors installed. You can use the filter bar to filter hosts by various attributes, such as status, platform, type, or group. You can also filter hosts by health events, such as RFM, which is a mode that limits the sensor's functionality due to license expiration, network connectivity loss, or certificate validation failure.By filtering for RFM, you can see a list of all hosts that are in this mode1.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AHost Dashboard

BHost Management > Filter for RFM

CInactive Sensor Report

DContainment Policy

0 / 1500

Question 4

An inactive host that does not contact the Falcon cloud will be automatically removed from the Host Management and Trash pages after how many days?

A45 Days

B60 Days

C75 Days

D90 Days

Correct : D

An inactive host that does not contact the Falcon cloud will be automatically removed from the Host Management and Trash pages after 90 days. An inactive host is a host that has not communicated with the Falcon platform for more than seven days. An inactive host will be moved from the Host Management page to the Trash page after seven days of inactivity. An inactive host will remain in the Trash page for 90 days before being permanently deleted from the Falcon platform.You can restore an inactive host from the Trash page if it becomes active again within 90 days1.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

A45 Days

B60 Days

C75 Days

D90 Days

0 / 1500

Question 5

Why do Sensor Update policies need to be configured for each OS (Windows, Mac, Linux)?

ATo bundle the Sensor and Prevention policies together into a deployment package

BSensor Update policies are OS dependent

CTo assist with auditing and change management

DThis is false. One policy can be applied to all Operating Systems

Correct : B

Sensor Update policies need to be configured for each OS (Windows, Mac, Linux) because Sensor Update policies are OS dependent. A Sensor Update policy is a policy that controls how and when the Falcon sensor is updated on a host. Sensor Update policies are specific to each operating system type, as different operating systems have different sensor versions, features, and requirements.Therefore, you need to create and assign separate Sensor Update policies for each operating system type in your environment1.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ATo bundle the Sensor and Prevention policies together into a deployment package

BSensor Update policies are OS dependent

CTo assist with auditing and change management

DThis is false. One policy can be applied to all Operating Systems

0 / 1500

Master CrowdStrike CCFA-200 Exam with Reliable Practice Questions

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users:

Options Selected by Other Users: