What is the function of a single asterisk (*) in an ML exclusion pattern?
The asterisk is a wildcard character that can be used in exclusion patterns to match any number of characters. However, it does not match separator characters, such as \ or /, which are used to separate portions of a file path. For example, the pattern C:\Windows\*\*.exe will match any executable file in any subfolder of the Windows folder, but not in the Windows folder itself.
How does the Unique Hosts Connecting to Countries Map help an administrator?
The Unique Hosts Connecting to Countries Map helps an administrator to visualize global network communication. The map shows the number of unique hosts in your environment that have established network connections to different countries in the past 24 hours. You can use this map to identify unusual or suspicious network activity, such as connections to high-risk countries or regions, or connections from hosts that are not expected to communicate with external entities.
Which report can assist in determining the appropriate Machine Learning levels to set in a Prevention Policy?
The Machine Learning Prevention Monitoring report in the Prevention Policy Management option allows you to monitor the impact of machine learning (ML) prevention settings on your environment. You can view the number of ML detections and preventions by severity, policy, and host group. You can also drill down into specific events and hosts to see more details. This report can help you determine the appropriate ML levels to set in a prevention policy based on your risk tolerance and security posture.
Where can you modify settings to permit certain traffic during a containment period?
The administrator can modify settings to permit certain traffic during a containment period by creating or editing a Containment Policy. This policy allows users to specify which ports, protocols and IP addresses are allowed or blocked during network containment. The other options are either incorrect or not related to network containment. Reference: [CrowdStrike Falcon User Guide], page 40.
Which of the following is NOT a way to determine the sensor version installed on a specific endpoint?
From a command line, running the sc query csagent -version command is not a way to determine the sensor version installed on a specific endpoint. This command will only show the status of the csagent service, not the sensor version. The other options are valid ways to determine the sensor version installed on a specific endpoint using Falcon UI or API. You can use the Sensor Report, the Host Search, or the Host Management features to filter, search, or select the desired endpoint and view the sensor version information.