CCFR CCFR-201b Exam Questions and Answers PDF

Page: 3 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 9

What information is contained within a Process Timeline?

Options:

A. All cloudable process-related events within a given timeframe
B. All cloudable events for a specific host
C. Only detection process-related events within a given timeframe
D. A view of activities on Mac or Linux hosts

Question 10

An analyst notices a detection that has been automatically flagged with the 'New Activity' status. Which of the following statements best describes what this status indicates?

Options:

A. A brand new detection has been triggered on a host that was recently added to the network.
B. A detection that was previously moved to a resolved status has generated new telemetry and activity.
C. A user has logged into a machine for the first time since the sensor was installed.
D. The Falcon Overwatch team has manually verified that the detection is an active threat.

Question 11

In the full detection tree view, icons provide visual cues about the telemetry. What does the specific icon representing a 'Falcon' (blue bird) indicate to the responder?

Options:

A. The file has been successfully quarantined by the sensor.
B. There is related Intelligence (Intel) data available for this detection.
C. The process has been identified as a legitimate system file.
D. The host is currently undergoing a remote live response session.

Question 12

If the Falcon sensor identifies suspicious behavioral patterns—such as a process attempting to dump memory from lsass.exe—what specific type of detection will be generated?

Options:

A. Indicator of Compromise (IOC)
B. Indicator of Attack (IOA)
C. Known Malware Alert
D. Intelligence Data Match