1. Home
  2. CrowdStrike
  3. CCFA-200b Exam Syllabus

CrowdStrike CCFA-200b Exam Syllabus

Start Free CCFA-200b Exam Practice After Reviewing the Topics

Before starting your CCFA-200b exam preparation, it is recommended to review the complete CrowdStrike Certified Falcon Administrator exam syllabus and carefully go through the exam objectives listed below. Once you understand the exam structure and objectives, you should practice using our free CCFA-200b questions. We also provide premium CCFA-200b practice test, fully updated according to the latest exam objectives, to help you accurately assess your preparedness for the actual exam.

CrowdStrike
Vendor
CCFA-200b
Exam Code
153
Total Questions
8
Total Exam Domains

START FREE CCFA-200b EXAM PRACTICE

NO SIGNUP REQUIRED  •  100% FREE TO START

CCFA-200b EXAM QUESTIONS

CrowdStrike CCFA-200b Exam Objectives

Section 1: User Management
Weight:
-
  • 1.1 Determine roles required for access to features and functionality in the Falcon console
  • 1.2 Create roles and assign users to roles based on desired permissions
  • 1.3 Manage API keys
Section 2: Sensor Deployment
Weight:
-
  • 2.1 Determine prerequisites to successfully install a Falcon sensor on supported operating systems
  • 2.2 Analyze the default policies and apply the best practices to prepare workloads for the Falcon sensor
  • 2.3 Uninstall a sensor
  • 2.4 Troubleshoot a sensor
Section 3: Host Management and Setup
Weight:
-
  • 3.1 Understand how filtering might be used in the Host Management page
  • 3.2 Disable detections for a host
  • 3.3 Explain the effect of disabling detections on a host
  • 3.4 Explain the impact of Reduced Functionality Mode (RFM) and why it might be caused
  • 3.5 Find hosts in RFM
  • 3.6 Locate inactive sensors
  • 3.7 Recall how long inactive sensors are retained
  • 3.8 Determine relevant reports specific to host management
Section 4: Group Creation
Weight:
-
  • 4.1 Determine the appropriate group assignment for endpoints and understand how this impacts the application of policies
  • 4.2 Apply best practices when managing host groups
Section 5: Policy Application
Weight:
-
  • 5.1 Determine the appropriate prevention policy settings for endpoints and explain how this impacts security posture
  • 5.2 Determine the appropriate sensor update policy settings in order to control the update process
  • 5.3 Apply roles and policy settings, and track and review Falcon RTR audit logs in order to manage user activity
  • 5.4 Understand the functionality of a containment policy
  • 5.5 Configure a containment policy for IP address or subnet exclusions that will apply to network contained hosts based on security workflow requirements
  • 5.6 Understand options and requirements to manage quarantined files
Section 6: Rules Configuration
Weight:
-
  • 6.1 Create custom IOA rules to monitor for behavior that is not fundamentally malicious
  • 6.2 Interpret business requirements in order to allow trusted activity, resolve false positives and fix performance issues
  • 6.3 Assess IOC settings required for customized security posturing and to manage false positives
  • 6.4 Understand configurations for CID wide management within General Settings
Section 7: Dashboards and Reports
Weight:
-
  • 7.1 Understand the different types of sensor reports and their use cases
  • 7.2 Understand the different audit logs and their use cases
Section 8: Workflows
Weight:
-
  • 8.1 Configure workflows to respond to defined triggers
Info