CrowdStrike Falcon Administrator Certification Exam Syllabus

The CrowdStrike CCFA-200b exam preparation guide is designed to provide candidates with the necessary information about the Falcon Administrator exam. It includes an exam summary, sample questions, a practice test, objectives and ways to interpret the exam objectives, so that candidates can assess the types of questions and answers that may be asked during the CrowdStrike Certified Falcon Administrator (CCFA) exam.

All candidates are advised to refer to the CCFA-200b objectives and sample questions provided in this preparation guide. The CrowdStrike CCFA certification is mainly targeted at candidates who want to build their career in the Falcon Platform domain and demonstrate their expertise. We suggest you use the practice exam listed in this cert guide to get used to the exam environment and identify the knowledge areas where you need more work prior to taking the actual CrowdStrike Falcon Administrator exam.

CrowdStrike CCFA-200b Exam Summary:

Exam Name: CrowdStrike Falcon Administrator
Exam Code: CCFA-200b
Exam Price: $250 USD
Duration: 90 minutes
Number of Questions: 60
Passing Score: 80%
Recommended Training / Books: CCFA Training
Schedule Exam: PEARSON VUE
Sample Questions: CrowdStrike CCFA Sample Questions
Recommended Practice: CrowdStrike Certified Falcon Administrator (CCFA) Practice Test

CrowdStrike Falcon Administrator Syllabus:

Section Objectives
User Management
- Determine roles required for access to features and functionality in the Falcon console
- Create roles and assign users to roles based on desired permissions
- Manage API keys
Sensor Deployment
- Determine prerequisites to successfully install a Falcon sensor on supported operating systems
- Analyze the default policies and apply the best practices to prepare workloads for the Falcon sensor
- Uninstall a sensor
- Troubleshoot a sensor
Host Management and Setup
- Understand how filtering might be used in the Host Management page
- Disable detections for a host
- Explain the effect of disabling detections on a host
- Explain the impact of Reduced Functionality Mode (RFM) and why it might be caused
- Find hosts in RFM
- Locate inactive sensors
- Recall how long inactive sensors are retained
- Determine relevant reports specific to host management
Group Creation
- Determine the appropriate group assignment for endpoints and understand how this impacts the application of policies
- Apply best practices when managing host groups
Policy Application
- Determine the appropriate prevention policy settings for endpoints and explain how this impacts security posture
- Determine the appropriate sensor update policy settings in order to control the update process
- Apply roles and policy settings, and track and review Falcon RTR audit logs in order to manage user activity
- Understand the functionality of a containment policy
- Configure a containment policy for IP address or subnet exclusions that will apply to network contained hosts based on security workflow requirements
- Understand options and requirements to manage quarantined files
Rules Configuration
- Create custom IOA rules to monitor for behavior that is not fundamentally malicious
- Interpret business requirements in order to allow trusted activity, resolve false positives and fix performance issues
- Assess IOC settings required for customized security posturing and to manage false positives
- Understand configurations for CID-wide management within General Settings
Dashboards and Reports
- Understand the different types of sensor reports and their use cases
- Understand the different audit logs and their use cases
Workflows
- Configure workflows to respond to defined triggers