CrowdStrike CCFA-200b - CrowdStrike Certified Falcon Administrator Exam
Page: 2 / 12
Total 60 questions
Question #6 (Topic: Exam A)
What page provides a count of new Reduced Functionality Mode (RFM) sensors by day?
A. Hosts Overview
B. Sensor Health
C. Activity Overview
D. Support and resources
Answer: B
Question #7 (Topic: Exam A)
Which report would show you an overview of the top ten most-applied policies by sensors in your environment?
A. Scheduled reports
B. Sensor report dashboard
C. Executive summary
D. Sensor policy daily report
Answer: D
Question #8 (Topic: Exam A)
What could cause your Windows host to be in Reduced Functionality Mode (RFM)?
A. CrowdStrike has not certified the latest Windows update
B. A sensor update policy was misconfigured
C. A misconfiguration in your prevention policy
D. The host lost internet connectivity
Answer: D
Question #9 (Topic: Exam A)
Where can you find the history of the successes and failures for any Fusion SOAR workflows?
A. Falcon UI Audit Trail
B. Custom Alert History
C. Workflow Audit log
D. Workflow Execution log
Answer: D
Question #10 (Topic: Exam A)
What is the purpose of the Machine-Learning Prevention Monitoring Audit Log?
A. It is the dashboard used by an analyst to view all items quarantined and to release any items deemed non-malicious
B. It is the dashboard used to see machine-learning preventions, and it is used to identify spikes in activity and possible targeted attacks
C. It is designed to show malicious processes that would have been blocked in your environment based on different Machine-Learning Prevention settings
D. It is designed to give an administrator a quick overview of machine-learning aggressiveness settings as well as the numbers of items actually quarantined
Answer: C
