CrowdStrike CCFA-200 Exam Topics
CrowdStrike CCFA-200 Exam Overview :
| Exam Name: | CrowdStrike Certified Falcon Administrator |
| Exam Code: | CCFA-200 |
| Certifications: | CrowdStrike CCFA Certification |
| See Expected Questions: | CrowdStrike CCFA-200 Expected Questions in Actual Exam |
CrowdStrike CCFA-200 Exam Objectives :
| Section | Objectives |
|---|---|
| 1.0 USER MANAGEMENT | 1.1 Determine roles required for access to features and functionality in the Falcon console 1.1.1 Describe the capabilities and limitations of each RTR role 1.1.2 Create a new user, delete a user and edit a user, etc |
| 2.0 SENSOR DEPLOYMENT | 2.1 Analyze the pre-installation OS/networking requirements prior to installing the Falcon sensor 2.2 Analyze the default policies and apply best practices to prepare workloads for the Falcon sensor 2.3 Apply appropriate settings to successfully install a Falcon sensor on Windows, Linux and macOS 2.3.1 Apply basic sensor install requirements and installation processes 2.3.2 Apply additional/advanced options for images/VDIs, tokens and tags 2.4 Uninstall a sensor 2.5 Troubleshooting 2.5.1 Recognize issues with basic configuration requirements in the system environment or Falconcomponents 2.5.2 Resolve policy settings, permissions and threshold issues 2.5.3 Perform root cause analysis related to system/user issues |
| 3.0 HOST MANAGEMENT | 3.1 Propose how filtering might be used in the Host Management page 3.2 Disable detections for a host 3.3 Explain the effect of disabling detections on a host 3.4 Explain the impact of reduced functionality mode (RFM) and why it might be caused 3.5 Find hosts in RFM 3.6 Find inactive sensors 3.7 Recall how long inactive sensors are retained to define your data backup plan 3.8 Determine which reports to use when reporting on information relating to a host 3.9 Explain the importance of understanding your company’s Falcon Insight data retention timeframe |
| 4.0 GROUP CREATION | 4.1 Determine the appropriate group assignment for endpoints and understand how this impacts the application of policies 4.1.2 Describe policy types, components, application and workflow 4.1.3 Define precedence, groups and best practices |
| 5.0 PREVENTION POLICIES | 5.1 Determine the appropriate prevention policy settings for endpoints and explain how this impacts security posture 5.1.1 Demonstrate what the default policy is used for and apply best practices when configuring default policies 5.1.2 Configure a detection-only policy 5.1.3 Explain what Machine Learning is "on sensor" vs. “the cloud” 5.1.4 Describe what each of the different policy setting options do 5.1.5 Define NextGen AV Settings 5.1.6 Describe what End User Notifications do 5.1.7 Assign a prevention policy to groups and hosts 5.1.8 Explain what precedence does regarding prevention policies 5.1.9 Describe policy best practice |
| 6.0 CUSTOM IOA RULES | 6.1 Create custom IOA rules to monitor behavior that is not fundamentally malicious |
| 7.0 SENSOR UPDATE POLICIES | 7.1 Determine the appropriate sensor update policy settings and related general settings to control the update process 7.1.1 Define an update policy 7.1.2 Demonstrate what the default policy is used for and apply best practices when configuring default policies 7.1.3 Describe what auto-update does 7.1.4 Explain separate policies for MAC/Win/*nix 7.1.5 Explain where build versions are visible for a single sensor or across your environment 7.1.6 Describe what precedence does regarding sensor update policies |
| 8.0 QUARANTINE FILES | 8.1 Apply options required to manage quarantine file |
| 9.0 IOC MANAGEMENT | 9.1 Assess IOC settings required for customized security posturing and to manage false positives |
| 10.0 CONTAINMENT POLICY | 10.1 Configure an allowlist of the appropriate IP addresses, while the network is under containment, based on security workflow requirements 10.2 Describe what a containment policy does 10.3 Allowlist network traffic so it can connect to contained hosts |
| 11.0 EXCLUSIONS | 11.1 Interpret business requirement to allow trusted activity, resolve false positives and fix performance issues 11.1.1 Write an effective file exclusion rule using glob syntax 11.1.2 Apply File Pattern Exclusions to groups 11.1.3 Demonstrate how to manage exclusion rule |
| 12.0 SENSOR REPORTS | 12.1 Explain the different types of sensor reports and what each report provides 12.1.1 Explain what information is contained in Machine-Learning Prevention Monitoring Report 12.1.2 Explain what information is in the Falcon UI Audit Trail Report 12.1.3 Explain what information is in the API Audit Trail, Prevention Policy Audit Trail, Prevention Hashes Ignored Reports 12.1.4 Explain what information is in the Prevention Policy Debug Report 12.1.5 Explain what information a Linux Sensor Report will provide 12.1.6 Explain what information a Mac Sensor Report will provide 12.1.7 Explain the differences between the visibility and hunting reports 12.1.8 Explain the information shown in the logon activity report 12.1.9 Explain the information shown in the remote logon activity report 12.1.10 Explain the information shown on the remote access graph 12.1.12 Explain what information can be found in the visibility reports 12.1.13 Write an effective custom alert rule |
| 13.0 REAL TIME RESPONSE POLICY/AUDIT LOGS | 13.1 Apply roles, policy settings, and track and review RTR audit logs to manage user activity |
| 14.0 API CLIENTS AND KEYS | 14.1 Manage API Key |
| 15.0 NOTIFICATION WORKFLOW | 15.1 Configure custom alerts to notify individuals about policies, detections and incidents |
| Official Information | https://www.crowdstrike.com/wp-content/uploads/2022/09/csu-cfcp-certification-guide.pdf |
Updates in the CrowdStrike CCFA-200 Exam Topics:
CrowdStrike CCFA-200 exam questions and practice test are the best ways to get fully prepared. Study4exam's trusted preparation material consists of both practice questions and practice test. To pass the actual CrowdStrike Certified Falcon Administrator CCFA-200 exam on the first attempt, you need to put in hard work on these questions as they cover all updated CrowdStrike CCFA-200 exam topics included in the official syllabus. Besides studying actual questions, you should take the CrowdStrike CCFA-200 practice test for self-assessment and actual exam simulation. Revise actual exam questions and remove your mistakes with the CrowdStrike Certified Falcon Administrator CCFA-200 exam practice test. Online and Windows-based formats of the CCFA-200 exam practice test are available for self-assessment.
Our Features
- 50000+ Customers feedbacks involved in Products
- Customize your exam based on your objectives
- User-Friendly interface
- Exam History and Progress reports
- Self-Assessment Features
- Various Learning Modes