
Full Access CrowdStrike CCFR-201b Tutorials

Page: 14 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 53

Which of the following sentences best describes the primary use of 'Retrospective Analysis'?

Options:

A. Identifying future threats using predictive AI models.

B. Applying an investigative approach across historical timed buckets of telemetry to find past activity.

C. Terminating a malicious process as it starts to execute.

D. Recovering files that were encrypted by a ransomware attack.

Question 54

Which of the following is returned from the IP Search tool?

Options:

A. IP Summary information from Falcon events containing the given IP

B. Threat Graph Data for the given IP from Falcon sensors

C. Unmanaged host data from system ARP tables for the given IP

D. IP Detection Summary information for detection events containing the given IP

Question 55

The MITRE-Based Falcon Detections Framework is a core component of the Falcon UI. What is the primary operational advantage provided by this framework to a Tier 1 responder?

Options:

A. It allows for the automated decryption of files affected by ransomware.

B. It provides a standardized view of the attack lifecycle to help understand adversary behavior.

C. It enables the sensor to block kernel-level drivers from unknown publishers.

D. It provides a real-time count of the total number of files on the endpoint.

Question 56

A responder is looking at event telemetry and sees an event named 'ProcessRollup2'. Which sentence best describes what this event type represents?

Options:

A. An existing process was terminated by the user.

B. A new process was created and started on the endpoint.

C. A process successfully established a network connection.

D. A process modified a sensitive registry key.
