CCFA-200 Exam Dumps : CrowdStrike Certified Falcon Administrator

The Unique Hosts Connecting to Countries Map helps an administrator to visualize global network communication. The map shows the number of unique hosts in your environment that have established network connections to different countries in the past 24 hours. You can use this map to identify unusual or suspicious network activity, such as connections to high-risk countries or regions, or connections from hosts that are not expected to communicate with external entities2.

References: 2: Cybersecurity Resources | CrowdStrike

The option that will enable Next-Gen Antivirus Prevention sliders and “Quarantine & Security Center Registration” is to enable Malware Protection and Windows Anti-Malware Execution Blocking. Malware Protection is a feature that enables the Next-Gen Antivirus Prevention sliders, which allow you to adjust the level of sensitivity and aggressiveness of the Falcon sensor’s machine learning engine, which uses artificial intelligence to identify and stop unknown threats. Windows Anti-Malware Execution Blocking is a feature that enables the “Quarantine & Security Center Registration” setting, which allows you to quarantine malicious files and register them in the Windows Security Center1.

References: 1: Falcon Administrator Learning Path | Infographic | CrowdStrike

After agent installation, an agent opens a permanent TLS connection over port 443 and keeps that connection open until the endpoint is turned off or the network connection is terminated. TLS (Transport Layer Security) is a protocol that provides secure and encrypted communication between the agent and the Falcon cloud. Port 443 is the standard port for HTTPS (Hypertext Transfer Protocol Secure) traffic. The agent uses this connection to send and receive data, commands, policies, and updates from the Falcon cloud2.

References: 2: Cybersecurity Resources | CrowdStrike