
CrowdStrike CCFA-200 Exam Syllabus

CrowdStrike CCFA-200 Exam

CrowdStrike Certified Falcon Administrator

Total Questions: 153

What is Included in the CrowdStrike CCFA-200 Exam?

Authentic information about the syllabus and an effective study guide are essential to pass the CrowdStrike CCFA-200 exam on the first attempt. The Study4Exam study guide provides comprehensive information about the syllabus of the CrowdStrike CCFA-200 exam. You should get this information at the start of your preparation because it helps you make an effective study plan. We have designed this CrowdStrike Certified Falcon Administrator certification exam preparation guide to give an exam overview, practice questions, a practice test, prerequisites, and information about the exam topics that help you pass the CrowdStrike Certified Falcon Administrator exam. We recommend that you use the preparation material mentioned in this study guide to cover the entire CrowdStrike CCFA-200 syllabus. Study4Exam offers three formats of CrowdStrike CCFA-200 exam preparation material: practice questions in PDF format, and web-based and desktop practice exams, each with up-to-date questions to help you pass on the first attempt.

CrowdStrike CCFA-200 Exam Overview:

Exam Name: CrowdStrike Certified Falcon Administrator
Exam Code: CCFA-200
Official Information: https://www.crowdstrike.com/wp-content/uploads/2022/09/csu-cfcp-certification-guide.pdf
See Expected Questions: CrowdStrike CCFA-200 Expected Questions in Actual Exam
Take Self-Assessment: Use the CrowdStrike CCFA-200 Practice Test to assess your preparation - save time and reduce the chance of failure

CrowdStrike CCFA-200 Exam Topics:

Section / Objectives

1.0 USER MANAGEMENT
    1.1 Determine roles required for access to features and functionality in the Falcon console
        1.1.1 Describe the capabilities and limitations of each RTR role
        1.1.2 Create a new user, delete a user, edit a user, etc.
2.0 SENSOR DEPLOYMENT
    2.1 Analyze the pre-installation OS/networking requirements prior to installing the Falcon sensor
    2.2 Analyze the default policies and apply best practices to prepare workloads for the Falcon sensor
    2.3 Apply appropriate settings to successfully install a Falcon sensor on Windows, Linux and macOS
        2.3.1 Apply basic sensor install requirements and installation processes
        2.3.2 Apply additional/advanced options for images/VDIs, tokens and tags
    2.4 Uninstall a sensor
    2.5 Troubleshooting
        2.5.1 Recognize issues with basic configuration requirements in the system environment or Falcon components
        2.5.2 Resolve policy settings, permissions and threshold issues
        2.5.3 Perform root cause analysis related to system/user issues
3.0 HOST MANAGEMENT
    3.1 Propose how filtering might be used in the Host Management page
    3.2 Disable detections for a host
    3.3 Explain the effect of disabling detections on a host
    3.4 Explain the impact of reduced functionality mode (RFM) and why it might be caused
    3.5 Find hosts in RFM
    3.6 Find inactive sensors
    3.7 Recall how long inactive sensors are retained to define your data backup plan
    3.8 Determine which reports to use when reporting on information relating to a host
    3.9 Explain the importance of understanding your company's Falcon Insight data retention timeframe
4.0 GROUP CREATION
    4.1 Determine the appropriate group assignment for endpoints and understand how this impacts the application of policies
        4.1.2 Describe policy types, components, application and workflow
        4.1.3 Define precedence, groups and best practices
5.0 PREVENTION POLICIES
    5.1 Determine the appropriate prevention policy settings for endpoints and explain how this impacts security posture
        5.1.1 Demonstrate what the default policy is used for and apply best practices when configuring default policies
        5.1.2 Configure a detection-only policy
        5.1.3 Explain what Machine Learning is "on sensor" vs. "in the cloud"
        5.1.4 Describe what each of the different policy setting options does
        5.1.5 Define NextGen AV settings
        5.1.6 Describe what End User Notifications do
        5.1.7 Assign a prevention policy to groups and hosts
        5.1.8 Explain what precedence does regarding prevention policies
        5.1.9 Describe policy best practices
6.0 CUSTOM IOA RULES
    6.1 Create custom IOA rules to monitor behavior that is not fundamentally malicious
7.0 SENSOR UPDATE POLICIES
    7.1 Determine the appropriate sensor update policy settings and related general settings to control the update process
        7.1.1 Define an update policy
        7.1.2 Demonstrate what the default policy is used for and apply best practices when configuring default policies
        7.1.3 Describe what auto-update does
        7.1.4 Explain separate policies for Mac/Windows/*nix
        7.1.5 Explain where build versions are visible for a single sensor or across your environment
        7.1.6 Describe what precedence does regarding sensor update policies
8.0 QUARANTINE FILES
    8.1 Apply the options required to manage quarantined files
9.0 IOC MANAGEMENT
    9.1 Assess IOC settings required for customized security posturing and to manage false positives
10.0 CONTAINMENT POLICY
    10.1 Configure an allowlist of the appropriate IP addresses, while the network is under containment, based on security workflow requirements
    10.2 Describe what a containment policy does
    10.3 Allowlist network traffic so it can connect to contained hosts
11.0 EXCLUSIONS
    11.1 Interpret business requirements to allow trusted activity, resolve false positives and fix performance issues
        11.1.1 Write an effective file exclusion rule using glob syntax
        11.1.2 Apply File Pattern Exclusions to groups
        11.1.3 Demonstrate how to manage exclusion rules
12.0 SENSOR REPORTS
    12.1 Explain the different types of sensor reports and what each report provides
        12.1.1 Explain what information is contained in the Machine-Learning Prevention Monitoring Report
        12.1.2 Explain what information is in the Falcon UI Audit Trail Report
        12.1.3 Explain what information is in the API Audit Trail, Prevention Policy Audit Trail and Prevention Hashes Ignored Reports
        12.1.4 Explain what information is in the Prevention Policy Debug Report
        12.1.5 Explain what information a Linux Sensor Report will provide
        12.1.6 Explain what information a Mac Sensor Report will provide
        12.1.7 Explain the differences between the visibility and hunting reports
        12.1.8 Explain the information shown in the logon activity report
        12.1.9 Explain the information shown in the remote logon activity report
        12.1.10 Explain the information shown on the remote access graph
        12.1.12 Explain what information can be found in the visibility reports
        12.1.13 Write an effective custom alert rule
13.0 REAL TIME RESPONSE POLICY/AUDIT LOGS
    13.1 Apply roles and policy settings, and track and review RTR audit logs to manage user activity
14.0 API CLIENTS AND KEYS
    14.1 Manage API keys
15.0 NOTIFICATION WORKFLOW
    15.1 Configure custom alerts to notify individuals about policies, detections and incidents

Updates in the CrowdStrike CCFA-200 Exam Syllabus:

CrowdStrike CCFA-200 exam questions and the practice test are the best ways to get fully prepared. Study4Exam's trusted preparation material consists of both practice questions and a practice test. To pass the actual CrowdStrike Certified Falcon Administrator CCFA-200 exam on the first attempt, you need to work hard on these CrowdStrike CCFA-200 questions, which provide updated information about the entire exam syllabus. Besides studying actual questions, you should take the CrowdStrike CCFA-200 practice test for self-assessment and a simulation of the actual exam. Revise actual exam questions and correct your mistakes with the CrowdStrike Certified Falcon Administrator CCFA-200 exam practice test. Online and Windows-based formats of the CCFA-200 exam practice test are available for self-assessment.