CCFA Actual Exam Questions

Last updated on June 29, 2025.
Vendor: CrowdStrike
Exam Code: CCFA
Exam Name: CrowdStrike Certified Falcon Administrator
Exam Questions: 248
 

Topic 1 - Exam A

Question #1 Topic 1

What is the function of a single asterisk (*) in an ML exclusion pattern?

  • A. The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path
  • B. The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path
  • C. The single asterisk is the insertion point for the variable list that follows the path
  • D. The single asterisk is only used to start an expression, and it represents the drive letter

Correct Answer: B

Question #2 Topic 1

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

  • A. Contact support and request that they modify the Machine Learning settings to no longer include this detection
  • B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"
  • C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
  • D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"

Correct Answer: B

Question #3 Topic 1

What is the purpose of a containment policy?

  • A. To define which Falcon analysts can contain endpoints
  • B. To define the duration of Network Containment
  • C. To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)
  • D. To define allowed IP addresses over which your hosts will communicate when contained

Correct Answer: D

Question #4 Topic 1

An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

  • A. File exclusions are not aligned to groups or hosts
  • B. There is a limit of three groups of hosts applied to any exclusion
  • C. There is no limit and exclusions can be applied to any or all groups
  • D. Each exclusion can be aligned to only one group of hosts

Correct Answer: C

Question #5 Topic 1

Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?

  • A. Real Time Responder
  • B. Endpoint Manager
  • C. Falcon Investigator
  • D. Remediation Manager

Correct Answer: A
