Singh
T or F:
Each policy must have its own Firewall rule group - ANSWER: FALSE
Create a rule group once and reuse it in multiple policies
What are the basic services provided by the Falcon platform? - ANSWER: * Endpoint +
Cloud + Identity + Application + Data security
* Exposure management
* Counter adversary operations
Which is the latest release of the Falcon platform? - ANSWER: Raptor release
Which Falcon platform provides log management and observability, and is designed to
handle large volumes of log data in real-time? - ANSWER: Falcon LogScale technology
Which module of the Falcon platform offers the feature of Next-Generation Antivirus
(NGAV)? - ANSWER: Endpoint security
Which module of the Falcon platform offers the feature of USB Device Control? - ANSWER:
Endpoint security
In which module of the Falcon portal can you define and manage Prevention and
Firewall policies? - ANSWER: Endpoint security
What are the full forms of CWP, CSPM and CIEM? - ANSWER: * CWP = Cloud Workload
Protection
* CSPM = Cloud Security Protection Management
* CIEM = Cloud Infrastructure Entitlement Management
Which module of the Falcon platform offers the feature of Application Security Posture
Management (ASPM)? - ANSWER: Cloud security
Which module of the Falcon platform offers the feature of Domain Security? - ANSWER:
Identity protection
Which module of the Falcon platform offers the feature of Active Asset Discovery? -
ANSWER: Exposure management
Which module of the Falcon platform offers the feature of Vulnerability Management? -
ANSWER: Exposure management
Which module of the Falcon platform offers the feature of Attack Path Visualization? -
ANSWER: Exposure management
What does EASM stand for and which module provides this feature? - ANSWER: *
External Attack Surface Management
* Provided by Exposure management module
What does SCA stand for and which module provides this feature? - ANSWER: *
Software Configuration Assessment
* Provided by Exposure management module
Which module of the Falcon platform offers the feature of Adversary Intelligence? - ANSWER:
Counter adversary Operations
Which module of the Falcon platform offers the feature of Threat Hunting? - ANSWER:
Counter adversary Operations
Which module of the Falcon platform offers the feature of Dark Web Monitoring? - ANSWER:
Counter adversary Operations
Which module of the Falcon platform offers the feature of Security Orchestration,
Automation and Response (SOAR)? - ANSWER: IT Automation
Which module of the Falcon platform offers the feature of No-code Falcon Applications? -
ANSWER: IT Automation
Falcon uses which module to create unified visibility across tools like Okta, Entra ID and
Active Directory? - ANSWER: Falcon Identity Protection
Which module can be used to look into active but undetected threats that could evade
the defenses? - ANSWER: Falcon Overwatch
The Falcon platform reduces risk with unmatched real-time visibility into the devices,
users, applications, vulnerabilities and attack paths that exist in your network. -
ANSWER: Exposure Management
True or False:
Falcon platform does not require any on-premises management infrastructure. -
ANSWER: True, as it has a cloud-native architecture.
What is the brains behind the Falcon Endpoint protection platform? - ANSWER:
CrowdStrike Threat Graph
Which is the enterprise marketplace containing native CrowdStrike apps and third-party
apps? - ANSWER: CrowdStrike Store
Which app can be used to view all application usage, accounts and assets in real-time? -
ANSWER: Falcon Discover
Which app can be used to do real-time vulnerability management? - ANSWER: Falcon
Spotlight
Which apps can be used to prevent, detect and remediate threats across all managed
endpoints? - ANSWER: Falcon Insight + Falcon Prevent
Which app provides functionality to orchestrate and automate workflows? - ANSWER:
CrowdStrike Falcon Fusion
Which two inputs are supported by Falcon Platform APIs? - ANSWER: 1. Real-time
streaming of endpoint data and security alerts
2. On-demand queries of the Falcon Threat Graph database.
What do Falcon Intelligence APIs do? - ANSWER: They provide a feed of information spanning:
1. Threat Indicators
2. Adversaries
3. Intelligence reports
Which identity mechanism provides secure access to the CrowdStrike API? -
ANSWER: API Client --> Uses Credentials and Scoped Permissions to access certain
API resources.
Which authentication method is used by the CrowdStrike API? - ANSWER: OAuth2
What can be done through OAuth2? - ANSWER: 1. Use an access token to make API
requests
2. Manage multiple API clients within our organization.
3. Define limited scopes of permission for API functionality.
What are the two things we get when an API client is generated? - ANSWER: 1. OAuth2
Client ID
2. Secret credentials
Which API can be used to route detections based on MITRE tactics and techniques? -
ANSWER: Detects API
Which API can be used to get artifacts from the endpoints to help with the
investigations? - ANSWER: Real Time Response APIs
Which API can be used if one needs to make a decision about granting conditional
access to the endpoints based on whether they have sensors installed or not? -
ANSWER: Host APIs = To get endpoint data
A "Stay signed in" display option is there so that we can stay logged into the dashboard
until ______________________________________ - ANSWER: the browser is
restarted
Which dashboard will you see when first logging into Falcon? - ANSWER: Activity
Dashboard
True or False:
We cannot have access to multiple customer IDs or CIDs in Falcon. - ANSWER: False.
There will be a drop-down at the top-right corner of the Falcon portal if we have multiple CIDs,
to toggle between multiple instances.
Which option can help us to sort resources if we need to access them on a regular
basis? - ANSWER: "Bookmarks"
Which option on the menu will give information about incidents, detections and
prevention activities found by Falcon sensors? - ANSWER: Endpoint security
If you need to find gaps in your defenses that may need new policies, where should you
look? - ANSWER: Endpoint security
How are the detections triggered? - ANSWER: 1. From prevention policies
2. Incidents that group together the related detections based on an algorithm.
What is the option under Cloud security for the Falcon Horizon? - ANSWER: Cloud
security posture
What is the option under Cloud security for the Cloud Workload Protection (CWP)? -
ANSWER: Kubernetes and containers
What is the option under Cloud security for the Discover for Cloud? - ANSWER: Cloud
workloads discovery
Which options will be used to register cloud accounts and set cloud policies? -
ANSWER: Cloud security
If you want to see user behavioral profiles and identify unusual behaviour, which options
should you choose? - ANSWER: Identity protection
Which option in the menu will enforce IT policy through the use of identity, behavioural
and risk analytics? - ANSWER: Identity protection