New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

CCFR-201 CrowdStrike Certified Falcon Responder Questions and Answers

Questions 4

Which of the following is NOT a filter available on the Detections page?

Options:

A.

Severity

B.

CrowdScore

C.

Time

D.

Triggering File

Buy Now
Questions 5

Which option indicates a hash is allowlisted?

Options:

A.

No Action

B.

Allow

C.

Ignore

D.

Always Block

Buy Now
Questions 6

How long does detection data remain in the CrowdStrike Cloud before purging begins?

Options:

A.

90 Days

B.

45 Days

C.

30 Days

D.

14 Days

Buy Now
Questions 7

When reviewing a Host Timeline, which of the following filters is available?

Options:

A.

Severity

B.

Event Types

C.

User Name

D.

Detection ID

Buy Now
Questions 8

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenlnfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

Options:

A.

ParentProcessld_decimal and aid

B.

ResponsibleProcessld_decimal and aid

C.

ContextProcessld_decimal and aid

D.

TargetProcessld_decimal and aid

Buy Now
Questions 9

What happens when you open the full detection details?

Options:

A.

Theprocess explorer opens and the detection is removed from the console

B.

The process explorer opens and you're able to view the processes and process relationships

C.

The process explorer opens and the detection copies to the clipboard

D.

The process explorer opens and the Event Search query is run for the detection

Buy Now
Questions 10

What is an advantage of using the IP Search tool?

Options:

A.

IP searches provide manufacture and timezone data that can not be accessed anywhere else

B.

IP searches allow for multiple comma separated IPv6 addresses as input

C.

IP searches offer shortcuts to launch response actions and network containment on target hosts

D.

IP searches provide host, process, and organizational unit data without the need to write a query

Buy Now
Questions 11

When you configure and apply an IOA exclusion, what impact does it have on the host and what you see in the console?

Options:

A.

The process specified is not sent to the Falcon Sandbox for analysis

B.

The associated detection will be suppressed and the associated process would have been allowed to run

C.

The sensor will stop sending events from the process specified in the regex pattern

D.

The associated IOA will still generate a detection but the associated process would have been allowed to run

Buy Now
Questions 12

The Process Activity View provides a rows-and-columns style view of the events generated in a detection. Why might this be helpful?

Options:

A.

The Process Activity View creates a consolidated view of all detection events for that process that can be exported for further analysis

B.

The Process Activity View will show the Detection time of the earliest recorded activity which might indicate first affected machine

C.

The Process Activity View only creates a summary of Dynamic Link Libraries (DLLs) loaded by a process

D.

The Process Activity View creates a count of event types only, which can be useful when scoping the event

Buy Now
Questions 13

What does pivoting to an Event Search from a detection do?

Options:

A.

It gives you the ability to search for similar events on other endpoints quickly

B.

It takes you to the raw Insight event data and provides you with a number of Event Actions

C.

It takes you to a Process Timeline for that detection so you can see all related events

D.

It allows you to input an event type, such as DNS Request or ASEP write, and search for those events within the detection

Buy Now
Questions 14

What is the difference between a Host Search and a Host Timeline?

Options:

A.

Results from a Host Search return information in an organized view by type, while a Host Timeline returns a view of all events recorded by the sensor

B.

A Host Timeline only includes process execution events and user account activity

C.

Results from a Host Timeline include process executions and related events organized by data type. A Host Search returns a temporal view of all events for the given host

D.

There is no difference - Host Search and Host Timeline are different names for the same search page

Buy Now
Questions 15

What happens when a hash is allowlisted?

Options:

A.

Execution is prevented, but detection alerts are suppressed

B.

Execution is allowed on all hosts, including all other Falcon customers

C.

The hash is submitted for approval to be allowed to execute once confirmed by Falcon specialists

D.

Execution is allowed on all hosts that fall under the organization's CID

Buy Now
Questions 16

In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests. Registry Operations, and Network Operations?

Options:

A.

Thedata is unable to be exported

B.

View as Process Tree

C.

View as Process Timeline

D.

View as Process Activity

Buy Now
Questions 17

You receive an email from a third-party vendor that one of their services is compromised,thevendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?

Options:

A.

IP Addresses

B.

Remote or Network Logon Activity

C.

Remote Access Graph

D.

Hash Executions

Buy Now
Questions 18

Which of the following is an example of a MITRE ATT&CK tactic?

Options:

A.

Eternal Blue

B.

Defense Evasion

C.

Emotet

D.

Phishing

Buy Now
Exam Code: CCFR-201
Exam Name: CrowdStrike Certified Falcon Responder
Last Update: Dec 26, 2024
Questions: 60
CCFR-201 pdf

CCFR-201 PDF

$25.5  $84.99
CCFR-201 Engine

CCFR-201 Testing Engine

$30  $99.99
CCFR-201 PDF + Engine

CCFR-201 PDF + Testing Engine

$40.5  $134.99