CCFA-200 CrowdStrike Certified Falcon Administrator

Question 1

What impact does disabling detections on a host have on an API?

  • Endpoints with detections disabled will not alert on anything until detections are enabled again

  • Endpoints cannot have their detections disabled individually

  • DetectionSummaryEvent stops sending to the Streaming API for that host

  • Endpoints with detections disabled will not alert on anything for 24 hours (by default) or longer if that setting is changed

Question 2

How long are detection events kept in Falcon?

  • Detection events are kept for 90 days

  • Detection events are kept for your subscribed data retention period

  • Detection events are kept for 7 days

  • Detection events are kept for 30 days

Question 3

The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Which statement is TRUE concerning Falcon sensor certificate validation?

  • SSL inspection should be configured to occur on all Falcon traffic

  • Some network configurations, such as deep packet inspection, interfere with certificate validation

  • HTTPS interception should be enabled to proceed with certificate validation

  • Common sources of interference with certificate pinning include protocol race conditions and resource contention