Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium CrowdStrike CCFR-201 Dumps Questions Answers

Page: 1 / 5
Total 60 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 1

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenlnfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

Options:

A.

ParentProcessld_decimal and aid

B.

ResponsibleProcessld_decimal and aid

C.

ContextProcessld_decimal and aid

D.

TargetProcessld_decimal and aid

Buy Now
Question 2

The Bulk Domain Search tool contains Domain information along with which of the following?

Options:

A.

Process Information

B.

Port Information

C.

IP Lookup Information

D.

Threat Actor Information

Question 3

Aside from a Process Timeline or Event Search, how do you export process event data from a detection in .CSV format?

Options:

A.

You can't export detailed event data from a detection, you have to use the Process Timeline or an Event Search

B.

In Full Detection Details, you expand the nodes of the process tree you wish to expand and then click the "Export Process Events" button

C.

In Full Detection Details, you choose the "View Process Activity" option and then export from that view

D.

From the Detections Dashboard, you right-click the event type you wish to export and choose CSV. JSON or XML

Question 4

How long are quarantined files stored on the host?

Options:

A.

45 Days

B.

30 Days

C.

Quarantined files are never deleted from the host

D.

90 Days

Question 5

Which statement is TRUE regarding the "Bulk Domains" search?

Options:

A.

It will show a list of computers and process that performed a lookup of any of the domains in your search

B.

The "Bulk Domains" search will allow you to blocklist your queried domains

C.

The "Bulk Domains" search will show IP address and port information for any associated connectionsD.You should only pivot to the "Bulk Domains" search tool after completing an investigation

Question 6

The primary purpose for running a Hash Search is to:

Options:

A.

determine any network connections

B.

review the processes involved with a detection

C.

determine the origin of the detection

D.

review information surrounding a hash's related activity

Question 7

What do IOA exclusions help you achieve?

Options:

A.

Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy

B.

Reduce false positives of behavioral detections from IOA based detections only

C.

Reduce false positives of behavioral detections from IOA based detections based on a file hash

D.

Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

Question 8

How long are quarantined files stored in the CrowdStrike Cloud?

Options:

A.

45 Days

B.

90 Days

C.

Days

D.

Quarantined files are not deleted

Question 9

How does a DNSRequest event link to its responsible process?

Options:

A.

Via both its ContextProcessld__decimal and ParentProcessld_decimal fields

B.

Via its ParentProcessld_decimal field

C.

Via its ContextProcessld_decimal field

D.

Via its TargetProcessld_decimal field

Question 10

Sensor Visibility Exclusion patterns are written in which syntax?

Options:

A.

Glob Syntax

B.

Kleene Star Syntax

C.

RegEx

D.

SPL(Splunk)

Question 11

What happens when a hash is set to Always Block through IOC Management?

Options:

A.

Execution is prevented on all hosts by default

B.

Execution is prevented on selected host groups

C.

Execution is prevented and detection alerts are suppressed

D.

The hash is submitted for approval to be blocked from execution once confirmed by Falcon specialists

Question 12

When reviewing a Host Timeline, which of the following filters is available?

Options:

A.

Severity

B.

Event Types

C.

User Name

D.

Detection ID

Question 13

What is an advantage of using the IP Search tool?

Options:

A.

IP searches provide manufacture and timezone data that can not be accessed anywhere else

B.

IP searches allow for multiple comma separated IPv6 addresses as input

C.

IP searches offer shortcuts to launch response actions and network containment on target hosts

D.

IP searches provide host, process, and organizational unit data without the need to write a query

Question 14

What action is used when you want to save a prevention hash for later use?

Options:

A.

Always Block

B.

Never Block

C.

Always Allow

D.

No Action

Question 15

When examining raw event data, what is the purpose of the field called ParentProcessld_decimal?

Options:

A.

It contains an internal value not useful for an investigation

B.

It contains the TargetProcessld_decimal value of the child process

C.

It contains the Sensorld_decimal value for related events

D.

It contains the TargetProcessld_decimal of the parent process

Question 16

A list of managed and unmanaged neighbors for an endpoint can be found:

Options:

A.

by using Hosts page in the Investigate tool

B.

by reviewing "Groups" in Host Management under the Hosts page

C.

under "Audit" by running Sensor Visibility Exclusions Audit

D.

only by searching event data using Event Search

Question 17

What is the difference between Managed and Unmanaged Neighbors in the Falcon console?

Options:

A.

A managed neighbor is currently network contained and an unmanaged neighbor is uncontained

B.

A managed neighbor has an installed and provisioned sensor

C.

An unmanaged neighbor is in a segmented area of the network

D.

A managed sensor has an active prevention policy

Question 18

Which of the following is NOT a filter available on the Detections page?

Options:

A.

Severity

B.

CrowdScore

C.

Time

D.

Triggering File

Page: 1 / 5
Total 60 questions