Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
sale

Want to Unlock All Questions for this Exam?

Full Exam Access, Discussions, No Robots Checks

CrowdStrike CCFA Exam Actual Questions

The questions for CCFA were last updated on June 14, 2024.
  • Viewing page 1 out of 43 pages.
  • Viewing questions 1-4 out of 170 questions

Topic 1 - Exam A

Question #1 Topic 1

What is the function of a single asterisk (*) in an ML exclusion pattern?

  • A. The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path
  • B. The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path
  • C. The single asterisk is the insertion point for the variable list that follows the path
  • D. The single asterisk is only used to start an expression, and it represents the drive letter
Reveal Solution Hide Solution   Discussion   6

Correct Answer: B 🗳️

Question #2 Topic 1

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

  • A. Contact support and request that they modify the Machine Learning settings to no longer include this detection
  • B. Using IOC Management, add the hash of the binary in question and set the action to "Allow"
  • C. Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"
  • D. Using IOC Management, add the hash of the binary in question and set the action to "No Action"
Reveal Solution Hide Solution   Discussion   6

Correct Answer: B 🗳️

Question #3 Topic 1

What is the purpose of a containment policy?

  • A. To define which Falcon analysts can contain endpoints
  • B. To define the duration of Network Containment
  • C. To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)
  • D. To define allowed IP addresses over which your hosts will communicate when contained
Reveal Solution Hide Solution   Discussion   9

Correct Answer: C 🗳️

Question #4 Topic 1

An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

  • A. File exclusions are not aligned to groups or hosts
  • B. There is a limit of three groups of hosts applied to any exclusion
  • C. There is no limit and exclusions can be applied to any or all groups
  • D. Each exclusion can be aligned to only one group of hosts
Reveal Solution Hide Solution   Discussion   7

Correct Answer: B 🗳️

Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...