
CCFR-201b Leak Questions

Page: 10 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 37

In the 'User Search - File Written' section, a responder can see various files dropped by a user. Which of the following file types CANNOT be seen from this view?

Options:

A. Scripts (.ps1, .sh)

B. Executables (.exe)

C. Executions (process starts)

D. Archive files (.zip, .7z)

Question 38

When examining a raw DNS request event, you see a field called ContextProcessId_decimal. What is the purpose of that field?

Options:

A. It contains the TargetProcessId_decimal value for other related events

B. It contains an internal value not useful for an investigation

C. It contains the ContextProcessId_decimal value for the parent process that made the DNS request

D. It contains the TargetProcessId_decimal value for the process that made the DNS request

Question 39

You found a list of SHA256 hashes in an intelligence report and searched for them using the Hash Execution Search. What can be determined from the results?

Options:

A. Identifies a detailed list of all process executions for the specified hashes

B. Identifies hosts that loaded or executed the specified hashes

C. Identifies users associated with the specified hashes

D. Identifies detections related to the specified hashes

Question 40

Depending on the subscription level, "Cloudable Events" (standard telemetry) have a specific retention period. What is the minimum period of time that these events are retained?

Options:

A. 1 day

B. 7 days

C. 14 days

D. 30 days
