CrowdStrike Certified Falcon Administrator

Here you have the best CrowdStrike CCFA practice exam questions

You have 248 total questions across 50 pages (5 per page)
These questions were last updated on February 12, 2026
This site is not affiliated with or endorsed by CrowdStrike.

Question 1 of 248

What is the function of a single asterisk (*) in an ML exclusion pattern?

The single asterisk will match any number of characters, including none. It does include separator characters, such as \ or /, which separate portions of a file path

The single asterisk will match any number of characters, including none. It does not include separator characters, such as \ or /, which separate portions of a file path

The single asterisk is the insertion point for the variable list that follows the path

The single asterisk is only used to start an expression, and it represents the drive letter

Question 2 of 248

You have determined that you have numerous Machine Learning detections in your environment that are false positives. They are caused by a single binary that was custom written by a vendor for you and that binary is running on many endpoints. What is the best way to prevent these in the future?

Contact support and request that they modify the Machine Learning settings to no longer include this detection

Using IOC Management, add the hash of the binary in question and set the action to "Allow"

Using IOC Management, add the hash of the binary in question and set the action to "Block, hide detection"

Using IOC Management, add the hash of the binary in question and set the action to "No Action"

Question 3 of 248

What is the purpose of a containment policy?

To define which Falcon analysts can contain endpoints

To define the duration of Network Containment

To define the trigger under which a machine is put in Network Containment (e.g. a critical detection)

To define allowed IP addresses over which your hosts will communicate when contained

Question 4 of 248

An administrator creating an exclusion is limited to applying a rule to how many groups of hosts?

File exclusions are not aligned to groups or hosts

There is a limit of three groups of hosts applied to any exclusion

There is no limit and exclusions can be applied to any or all groups

Each exclusion can be aligned to only one group of hosts

Question 5 of 248

Even though you are a Falcon Administrator, you discover you are unable to use the "Connect to Host" feature to gather additional information which is only available on the host. Which role do you need added to your user account to have this capability?

Real Time Responder

Endpoint Manager

Falcon Investigator

Remediation Manager

About the CrowdStrike CCFA Certification Exam

About the Exam

The CrowdStrike CCFA (CrowdStrike Certified Falcon Administrator) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 248 practice questions across 50 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our CCFA questions are regularly updated to reflect the latest exam objectives.