Free CCFR-201b Questions Attempt

Page: 5 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 17

An analyst is triaging a detection that has been categorized under the ‘Follow Through’ Objective Layer. Based on the Falcon technical documentation, which of the following adversary tactics is most likely to be observed within this specific layer?

Options:

A.

Credential Access through memory scraping

B.

Collection of sensitive data for exfiltration

C.

Initial Access via a drive-by download

D.

Discovery of local network shares and services

Question 18

In the 'Graph View' of a detection, processes are connected by arrows. Which of the following does a yellow arrow connecting two processes indicate?

Options:

A.

A standard Parent-Child relationship.

B.

A Network connection was established between the two processes.

C.

A Thread Injector-Injectee relationship (Process Injection).

D.

A file was written by the first process and read by the second.

Question 19

The primary purpose for running a Hash Search is to:

Options:

A.

determine any network connections

B.

review the processes involved with a detection

C.

determine the origin of the detection

D.

review information surrounding a hash's related activity

Question 20

To speed up investigations, Falcon uses 'event workflows'. Which of the following sentences best describes what event workflows are?

Options:

A.

They are automated scripts that perform remediation actions like killing processes.

B.

They are automated searches that can be used to pivot between related events and searches.

C.

They are PDF reports that summarize an incident for executive review.

D.

They are schedules for when the sensor should perform a full disk scan.