
New Release CCFR-201b CCFR Questions

Page: 2 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 5

The Activity Dashboard is a core feature for security teams. What is the primary purpose of this dashboard?

Options:

A. To manage the installation and update of Falcon sensors.

B. To provide a summary of the current threat state and active detections in the environment.

C. To view the raw telemetry of every event happening on the network.

D. To audit the changes made by other Falcon administrators.

Question 6

When a responder chooses to 'Release' a file from quarantine because it was determined to be a false positive, what type of allowlist is automatically created in the background?

Options:

A. Filename-based allowlist

B. Hash-based allowlist

C. Path-based allowlist

D. Command-line allowlist

Question 7

When investigating system-level persistence, it is critical to know what the services.exe process is responsible for. What is its primary function?

Options:

A. Managing user profiles and registry hives during login.

B. Launching and managing the lifecycle of system services.

C. Monitoring network traffic for potential data exfiltration.

D. Providing a graphical interface for the Windows Task Manager.

Question 8

You are pre-staging a Custom IOC and want to save a file hash for later use after approval.

Which action should you use?

Options:

A. Save Hash

B. Monitor

C. No Action

D. Always Block
