
CCFR-201b Exam Questions Tutorials

Page: 6 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 21

When reviewing a Host Timeline, which of the following filters is available?

Options:

A. Severity

B. Event Types

C. User Name

D. Detection ID

Question 22

How are processes on the same plane ordered (bottom 'VMTOOLSD.EXE' to top 'CMD.EXE')?

Options:

A. Process ID (Descending, highest on bottom)

B. Time started (Descending, most recent on bottom)

C. Time started (Ascending, most recent on top)

D. Process ID (Ascending, highest on top)

Question 23

To maintain a logical flow during an incident post-mortem, CrowdStrike recommends describing adversary activity using a specific three-part sentence structure. Which combination best completes this sentence: "The adversary was trying to [1], by [2], using [3]"?

Options:

A. <Technique>, <Tactic>, <Objective>

B. <Objective>, <Tactic>, <Technique>

C. <Objective>, <Technique>, <Tactic>

D. <Tactic>, <Objective>, <Technique>

Question 24

Which of the following subtitles/sub-views cannot be seen in the results of a 'Hash Search'?

Options:

A. File Metadata

B. Process Timeline

C. Intel Indicators

D. Execution History
