Ace Your CCFR-201b CCFR Exam

Page: 8 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 29

During the triage of a detection involving a newly created persistent task, which specific indicator is most important for a responder to identify the actual intent of the service?

Options:

A. The total CPU usage of the parent process.

B. The command-line arguments used during the task creation.

C. The Agent ID (AID) of the host where the detection fired.

D. The physical location of the endpoint in the office.

Question 30

Which of the following sentences best describes the primary objective of 'Real-time Analysis' within the Falcon platform?

Options:

A. Analyzing historical logs from the past 90 days to find missed threats.

B. Investigating incoming telemetry in real time or on a near real-time basis to catch active threats.

C. Scanning every file on a hard drive once per week for dormant viruses.

D. Manually updating the Falcon sensor on every machine in the fleet.

Question 31

When performing a 'Hash Search', which of the following is NOT a filter available for use?

Options:

A. SHA256

B. MD5

C. File Type

D. Filename

Question 32

When examining a detection process tree, several fields are provided to give context. Which of the following is NOT included in the standard fields of a detection process tree?

Options:

A. Command Line

B. User Name

C. HTTP Post contents

D. SHA256 Hash
