CrowdStrike CCFA-200 Exam Syllabus
CrowdStrike Certified Falcon Administrator
Total Questions: 153What is Included in the CrowdStrike CCFA-200 Exam?
Authentic information about the syllabus and an effective study guide is essential to go through the CrowdStrike CCFA-200 exam in the first attempt. The study guide of Study4Exam provides you with comprehensive information about the syllabus of the CrowdStrike CCFA-200 exam. You should get this information at the start of your preparation because it helps you make an effective study plan. We have designed this CrowdStrike Certified Falcon Administrator certification exam preparation guide to give the exam overview, practice questions, practice test, prerequisites, and information about exam topics that help to go through the CrowdStrike Certified Falcon Administrator exam. We recommend you to the preparation material mentioned in this study guide to cover the entire CrowdStrike CCFA-200 syllabus. Study4Exam offers 3 formats of CrowdStrike CCFA-200 exam preparation material. Each format provides new practice questions in PDF format, web-based and desktop practice exams to get passing marks in the first attempt.
CrowdStrike CCFA-200 Exam Overview :
Exam Name | CrowdStrike Certified Falcon Administrator |
Exam Code | CCFA-200 |
Official Information | https://www.crowdstrike.com/wp-content/uploads/2022/09/csu-cfcp-certification-guide.pdf |
See Expected Questions | CrowdStrike CCFA-200 Expected Questions in Actual Exam |
Take Self-Assessment | Use CrowdStrike CCFA-200 Practice Test to Assess your preparation - Save Time and Reduce Chances of Failure |
CrowdStrike CCFA-200 Exam Topics :
Section | Objectives |
---|---|
1.0 USER MANAGEMENT | 1.1 Determine roles required for access to features and functionality in the Falcon console 1.1.1 Describe the capabilities and limitations of each RTR role 1.1.2 Create a new user, delete a user and edit a user, etc |
2.0 SENSOR DEPLOYMENT | 2.1 Analyze the pre-installation OS/networking requirements prior to installing the Falcon sensor 2.2 Analyze the default policies and apply best practices to prepare workloads for the Falcon sensor 2.3 Apply appropriate settings to successfully install a Falcon sensor on Windows, Linux and macOS 2.3.1 Apply basic sensor install requirements and installation processes 2.3.2 Apply additional/advanced options for images/VDIs, tokens and tags 2.4 Uninstall a sensor 2.5 Troubleshooting 2.5.1 Recognize issues with basic configuration requirements in the system environment or Falconcomponents 2.5.2 Resolve policy settings, permissions and threshold issues 2.5.3 Perform root cause analysis related to system/user issues |
3.0 HOST MANAGEMENT | 3.1 Propose how filtering might be used in the Host Management page 3.2 Disable detections for a host 3.3 Explain the effect of disabling detections on a host 3.4 Explain the impact of reduced functionality mode (RFM) and why it might be caused 3.5 Find hosts in RFM 3.6 Find inactive sensors 3.7 Recall how long inactive sensors are retained to define your data backup plan 3.8 Determine which reports to use when reporting on information relating to a host 3.9 Explain the importance of understanding your company’s Falcon Insight data retention timeframe |
4.0 GROUP CREATION | 4.1 Determine the appropriate group assignment for endpoints and understand how this impacts the application of policies 4.1.2 Describe policy types, components, application and workflow 4.1.3 Define precedence, groups and best practices |
5.0 PREVENTION POLICIES | 5.1 Determine the appropriate prevention policy settings for endpoints and explain how this impacts security posture 5.1.1 Demonstrate what the default policy is used for and apply best practices when configuring default policies 5.1.2 Configure a detection-only policy 5.1.3 Explain what Machine Learning is "on sensor" vs. “the cloud” 5.1.4 Describe what each of the different policy setting options do 5.1.5 Define NextGen AV Settings 5.1.6 Describe what End User Notifications do 5.1.7 Assign a prevention policy to groups and hosts 5.1.8 Explain what precedence does regarding prevention policies 5.1.9 Describe policy best practice |
6.0 CUSTOM IOA RULES | 6.1 Create custom IOA rules to monitor behavior that is not fundamentally malicious |
7.0 SENSOR UPDATE POLICIES | 7.1 Determine the appropriate sensor update policy settings and related general settings to control the update process 7.1.1 Define an update policy 7.1.2 Demonstrate what the default policy is used for and apply best practices when configuring default policies 7.1.3 Describe what auto-update does 7.1.4 Explain separate policies for MAC/Win/*nix 7.1.5 Explain where build versions are visible for a single sensor or across your environment 7.1.6 Describe what precedence does regarding sensor update policies |
8.0 QUARANTINE FILES | 8.1 Apply options required to manage quarantine file |
9.0 IOC MANAGEMENT | 9.1 Assess IOC settings required for customized security posturing and to manage false positives |
10.0 CONTAINMENT POLICY | 10.1 Configure an allowlist of the appropriate IP addresses, while the network is under containment, based on security workflow requirements 10.2 Describe what a containment policy does 10.3 Allowlist network traffic so it can connect to contained hosts |
11.0 EXCLUSIONS | 11.1 Interpret business requirement to allow trusted activity, resolve false positives and fix performance issues 11.1.1 Write an effective file exclusion rule using glob syntax 11.1.2 Apply File Pattern Exclusions to groups 11.1.3 Demonstrate how to manage exclusion rule |
12.0 SENSOR REPORTS | 12.1 Explain the different types of sensor reports and what each report provides 12.1.1 Explain what information is contained in Machine-Learning Prevention Monitoring Report 12.1.2 Explain what information is in the Falcon UI Audit Trail Report 12.1.3 Explain what information is in the API Audit Trail, Prevention Policy Audit Trail, Prevention Hashes Ignored Reports 12.1.4 Explain what information is in the Prevention Policy Debug Report 12.1.5 Explain what information a Linux Sensor Report will provide 12.1.6 Explain what information a Mac Sensor Report will provide 12.1.7 Explain the differences between the visibility and hunting reports 12.1.8 Explain the information shown in the logon activity report 12.1.9 Explain the information shown in the remote logon activity report 12.1.10 Explain the information shown on the remote access graph 12.1.12 Explain what information can be found in the visibility reports 12.1.13 Write an effective custom alert rule |
13.0 REAL TIME RESPONSE POLICY/AUDIT LOGS | 13.1 Apply roles, policy settings, and track and review RTR audit logs to manage user activity |
14.0 API CLIENTS AND KEYS | 14.1 Manage API Key |
15.0 NOTIFICATION WORKFLOW | 15.1 Configure custom alerts to notify individuals about policies, detections and incidents |
Updates in the CrowdStrike CCFA-200 Exam Syllabus:
CrowdStrike CCFA-200 exam questions and practice test are the best ways to get fully prepared. Study4exam's trusted preparation material consists of both practice questions and practice test. To pass the actual CrowdStrike Certified Falcon Administrator CCFA-200 exam on the first attempt, you need to put in hard work on these CrowdStrike CCFA-200 questions that provide updated information about the entire exam syllabus. Besides studying actual questions, you should take the CrowdStrike CCFA-200 practice test for self-assessment and actual exam simulation. Revise actual exam questions and remove your mistakes with the CrowdStrike Certified Falcon Administrator CCFA-200 exam practice test. Online and windows-based formats of the CCFA-200 exam practice test are available for self-assessment.
- 50000+ Customers feedbacks involved in Products
- Customize your exam based on your objectives
- User-Friendly interface
- Exam History and Progress reports
- Self-Assessment Features
- Various Learning Modes