CCFA-200 Exam Dumps : CrowdStrike Certified Falcon Administrator

When creating new IOCs in IOC management, the administrator must configure the Hash, Platform and Action fields. The Hash field is the value of the IOC, such as MD5, SHA1 or SHA256. The Platform field is the operating system that the IOC applies to, such as Windows, Linux or Mac. The Action field is the action that Falcon will take when detecting the IOC, such as Detect, Block or Allow. The other fields are either optional or not available. Reference: CrowdStrike Falcon User Guide, page 44

The option that will enable Next-Gen Antivirus Prevention sliders and “Quarantine & Security Center Registration” is to enable Malware Protection and Windows Anti-Malware Execution Blocking. Malware Protection is a feature that enables the Next-Gen Antivirus Prevention sliders, which allow you to adjust the level of sensitivity and aggressiveness of the Falcon sensor’s machine learning engine, which uses artificial intelligence to identify and stop unknown threats. Windows Anti-Malware Execution Blocking is a feature that enables the “Quarantine & Security Center Registration” setting, which allows you to quarantine malicious files and register them in the Windows Security Center1.

References: 1: Falcon Administrator Learning Path | Infographic | CrowdStrike

The maximum number of patterns that can be added when creating a new exclusion is one. Each exclusion can only have one pattern, which can be a file path, a hash, a command line or a user name. The other options are either incorrect or not related to creating exclusions. Reference: CrowdStrike Falcon User Guide, page 37.