CrowdStrike CCFA - CrowdStrike Certified Falcon Administrator Exam
Total 248 questions
Question #6 (Topic: Exam A)
What must an admin do to reset a user's password?
A. From User Management, open the account details for the affected user and select "Generate New Password"
B. From User Management, select "Reset Password" from the three dot menu for the affected user account
C. From User Management, select "Update Account" and manually create a new password for the affected user account
D. From User Management, the administrator must rebuild the account as the certificate for user specific private/public key generation is no longer valid
Answer: B
Question #7 (Topic: Exam A)
Your organization has a set of servers that are not allowed to be accessed remotely, including via Real Time Response (RTR). You already have these servers in their own Falcon host group. What is the next step to disable RTR only on these hosts?
A. Edit the Default Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
B. Edit the Default Response Policy and add the host group to the exceptions list under "Real Time Functionality"
C. Create a new Response Policy, toggle the "Real Time Response" switch off and assign the policy to the host group
D. Create a new Response Policy and add the host name to the exceptions list under "Real Time Functionality"
Answer: C
Question #8 (Topic: Exam A)
When creating new IOCs in IOC management, which of the following fields must be configured?
A. Hash, Description, Filename
B. Hash, Action and Expiry Date
C. Filename, Severity and Expiry Date
D. Hash, Platform and Action
Answer: D
Question #9 (Topic: Exam A)
Your CISO has decided all Falcon Analysts should also have the ability to view files and file contents locally on compromised hosts, but without the ability to take them off the host. What is the most appropriate role that can be added to fulfill this requirement?
A. Remediation Manager
B. Real Time Responder – Read Only Analyst
C. Falcon Analyst – Read Only
D. Real Time Responder – Active Responder
Answer: B
Question #10 (Topic: Exam A)
One of your development teams is working on code for a new enterprise application but Falcon continually flags the execution as a detection during testing. All development work is required to be stored on a file share in a folder called "devcode." What setting can you use to reduce false positives on this file path?
A. USB Device Policy
B. Firewall Rule Group
C. Containment Policy
D. Machine Learning Exclusions
Answer: D