CCFA-200 Exam Dumps - CrowdStrike Certified Falcon Administrator

The tool developed by Crowdstrike that is intended to help with removal of the CrowdStrike Windows Falcon Sensor is CSUninstallTool.exe. This tool is a command-line utility that can uninstall the Falcon sensor from a Windows system without requiring user interaction or network connectivity. The tool can also bypass the Uninstall and Maintenance Protection feature if enabled in the Sensor Update Policy2.

References: 2: Cybersecurity Resources | CrowdStrike

The alignment of a particular prevention policy to one or more host groups can be completed in each policy in the “Assigned Host Groups” tab. This tab allows the administrator to select which host groups will use the policy, as well as view the number of hosts and sensors assigned to each group. The other options are either incorrect or not available. Reference: [CrowdStrike Falcon User Guide], page 34.

The most likely culprit causing multiple Windows hosts to be in Reduced Functionality Mode (RFM) is a patch that was pushed overnight to all Windows systems. RFM occurs when the sensor detects a change in the operating system that requires a reboot to complete. A patch is one of the common causes of such a change. The other options are either incorrect or not related to RFM. Reference: CrowdStrike Falcon User Guide, page 30.

The statement that describes what is recommended for the Default Sensor Update policy is that the Default Sensor Update policy should align to an organization’s overall sensor updating practice while leveraging Auto N-1 and Auto N-2 configurations where possible. As explained in question 139, the Default Sensor Update policy is a “catch-all” policy that applies to any host that is not assigned to a specific Sensor Update policy. Therefore, it is recommended that the Default Sensor Update policy should align to your organization’s overall sensor updating practice, such as how frequently and how quickly you want to update your sensors. It is also recommended that you leverage the Auto N-1 and Auto N-2 configurations, which allow you to automatically update your sensors to the latest or second-latest sensor version without requiring manual intervention1.

References: 1: Falcon Administrator Learning Path | Infographic | CrowdStrike

The statement that is true about managing a user’s role is that you must be a Falcon Administrator. A Falcon Administrator is a role that has full access and control over all features and functions in Falcon, including user management. A Falcon Administrator can create, modify, delete, and assign roles to other users in Falcon. A Falcon Administrator can also re-use the account email for a new account, enable Falcon MFA (multi-factor authentication), and assign other roles such as Falcon Security Lead or Falcon Investigator2.

References: 2: Cybersecurity Resources | CrowdStrike

When a user initiates a sensor install, the logs can be found in %SYSTEMROOT%\Temp. This folder contains temporary files and folders created by the system or applications, including the sensor installation logs. The sensor installation logs have names that start with CSFalconContainer and end with .log, such as CSFalconContainer-2023-08-31_11-23-21.log. These logs can help you troubleshoot any issues or errors that may occur during the sensor installation process3.

References: 3: How to Become a CrowdStrike Certified Falcon Administrator

The API client secret cannot be retrieved after it has been created. The secret is only displayed once when the API client is created, and it cannot be viewed or edited later. Therefore, it is important to save the secret securely and use it along with the client ID to authenticate the API client. The other options are either incorrect or not possible. Reference: CrowdStrike Falcon User Guide, page 54.

The role that allows a user to connect to hosts using Real-Time Response is Real Time Responder – Active Responder. This role allows users to use the “Connect to Host” feature to gather additional information from the host, as well as execute commands and scripts on the host. The other roles do not have this capability. Reference: [CrowdStrike Falcon User Guide], page 18.