Summer Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Pearson CCFR-201b New Attempt

Page: 11 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 41

CrowdStrike provides ' Overwatch Best Practices ' for triaging alerts. According to these guidelines, what is the next step a responder should take immediately after the ' Understand the detection ' step?

Options:

A.

Isolate the host from the network.

B.

Review the process tree to understand the origin of the activity.

C.

Perform an OSINT search for the suspicious hash.

D.

Resolve the detection as a True Positive.

Question 42

What happens when a hash is allowlisted?

Options:

A.

Execution is prevented, but detection alerts are suppressed

B.

Execution is allowed on all hosts, including all other Falcon customers

C.

The hash is submitted for approval to be allowed to execute once confirmed by Falcon specialists

D.

Execution is allowed on all hosts that fall under the organization ' s CID

Question 43

Within the MITRE-Based Falcon Detections Framework, what is the correct way to interpret Keep Access > Persistence > Create Account?

Options:

A.

An adversary is trying to keep access through persistence by creating an account

B.

An adversary is trying to keep access through persistence using browser extensions

C.

An adversary is trying to keep access through persistence using external remote services

D.

adversary is trying to keep access through persistence using application skimming

Question 44

What does the Full Detection Details option provide?

Options:

A.

It provides a visualization of program ancestry via the Process Tree View

B.

It provides a visualization of program ancestry via the Process Activity View

C.

It provides detailed list of detection events via the Process Table View

D.

It provides a detailed list of detection events via the Process Tree View

Page: 11 / 15
Total 199 questions