SOLUTIONS
User MGN: Falcon Console Guest
- View Documentation and your own user profile.
- View Support Portal
User MGN: Falcon Administrator
- Access all functionality in the console with the exception of some RTR functionality.
User MGN: Workflow Author
- Create and edit workflows.
- Re-execute failed workflows.
- This role requires at least one other role to be able to access the Falcon console.
- Cannot include RTR actions unless also assigned the RTR Administrator Role.
User MGN: Dashboard Admin
- Create, edit, manage and delete dashboards.
- This role requires at least one other role to be able to access the Falcon console.
User MGN: Prevention Policy Manager
- Create, edit and delete prevention policies.
- This role can also view dashboards, host management, detections, file exclusions & sensor update policy.
User MGN: Desktop Support Analyst
- Install sensor, troubleshoot, view manuals.
- Access docs about product functions and restrictions.
User MGN: Help Desk Analyst
- View Detections, host management, installation tokens, prevention policies, file exclusions, sensor update policies & dashboards.
PREVENT ROLES: Falcon Administrator
- Access all functionality in console with exception of some RTR functionality and custom IOAs.
PREVENT ROLES: Falcon Security Lead
- Manage detections, manage quarantined files, contain hosts, view exclusions.
- Search for events, reset user credentials & 2FA.
- View data about assets, accounts and applications in Discover.
PREVENT ROLES: Falcon Analyst
- Manage detections and quarantined files.
- View Exclusions and Host Management.
- View Firewall Rules, rule groups, policies and audit logs.
PREVENT ROLES: Falcon Analyst - Read Only
- View detections and exclusions and search events.
- View all Identity Protection info.
- View firewall rules, rule groups, policies and audit logs.
PREVENT ROLES: Quarantine Manager
- View, release and manage quarantined files.
PREVENT ROLES: Endpoint Manager
- Manage sensor deployment and maintain sensor configuration and update policies.
- Create, edit and delete host groups and firewall rules.
PREVENT ROLES: Detections Exceptions Manager
- Add, edit and manage custom IOCs, ML Exclusions, IOA Exclusions and Sensor Visibility Exclusions.
PREVENT ROLES: Remediation Manager
- View and manage remediation actions taken by the Falcon console.
Capabilities and Limitations: RTR READ ONLY ANALYST
+ Can run a core set of read-only response commands to perform reconnaissance.
- Cannot extract files, modify the device, or run certain scripts.
- No access to "Edit and RunScript" tab.
Capabilities and Limitations: RTR ACTIVE RESPONDER
+ More access than RTR Read Only Analyst.
+ Can extract files using get command, can run commands that modify the device and run certain custom scripts.
- Cannot create custom scripts, cannot upload files to hosts using put command and cannot directly run executables using the run command.
- No access to "Edit and RunScript" tab.
Capabilities and Limitations: RTR ADMINISTRATOR
+ Can do everything the RESPONDER can do.
+ Plus create custom scripts, upload files to hosts using put, and directly run executables using run.
+ There are no limitations to this role.
Create, edit, delete a new user:
How do you Add a user? (How do you traverse through the UI to add a user)
* An ADMINISTRATIVE role for your Falcon subscription, such as FALCON ADMINISTRATOR, is required *
- Host setup and management > Falcon users > User management.
- Click Add User in the upper right of the window.
- Enter user's email address, first name, last name.
- Select one or more roles.
- Click Add User
Create, edit, delete a new user:
How do you Delete a user? (How do you traverse through the UI to Delete a user)
* An ADMINISTRATIVE role for your Falcon subscription, such as FALCON ADMINISTRATOR, is required *
- Host setup and management > Falcon users > User management.
- Find the desired user.
- Click three-dot menu.
- Select Delete User.
- At confirmation, select Delete.
You can also delete a user from the three-dot menu inside the User details.
Create, edit, delete a new user:
How do you Edit a user? (How do you traverse through the UI to Edit a user)
- Edit username
- Edit Roles
- Reset 2FA
- Reset Password
A Falcon Administrator can make all changes to a user.
A Falcon Security Lead can reset 2FA and password but cannot change the user or assign roles.