CrowdStrike CCFA-200 Exam With Confidence Using Practice Dumps

When creating new IOCs in IOC management, the administrator must configure the Hash, Platform and Action fields. The Hash field is the value of the IOC, such as MD5, SHA1 or SHA256. The Platform field is the operating system that the IOC applies to, such as Windows, Linux or Mac. The Action field is the action that Falcon will take when detecting the IOC, such as Detect, Block or Allow. The other fields are either optional or not available. Reference: CrowdStrike Falcon User Guide, page 44

The maximum number of patterns that can be added when creating a new exclusion is one. Each exclusion can only have one pattern, which can be a file path, a hash, a command line or a user name. The other options are either incorrect or not related to creating exclusions. Reference: CrowdStrike Falcon User Guide, page 37.

 In order to exercise manual control over the sensor upgrade process, as well as prevent unauthorized users from uninstalling or upgrading the sensor, the administrator should set the Sensor version to fixed and turn on the Uninstall and maintenance protection setting in the Sensor Update Policy. This will allow the administrator to specify which sensor version will be used by the hosts using this policy, and also require a maintenance token to uninstall or upgrade the sensor. The other options are either incorrect or not sufficient to meet this criteria. Reference: CrowdStrike Falcon User Guide, page 38.