Selected CCFR-201b CCFR Questions Answers

Page: 12 / 15
Total 199 questions

CrowdStrike Certified Falcon Responder Questions and Answers

Question 45

Which specific event type in the Falcon telemetry is associated with the creation of a new 'TargetProcessId_decimal'?

Options:

A. ProcessRollup2
B. FileCreation
C. NetworkConnect
D. RegistryUpdate

Question 46

A responder is focused on a specific malicious script and wants to see everything that the script's process did. Which timeline is the best tool for this task?

Options:

A. Host Timeline
B. Process Timeline
C. User Timeline
D. Administrative Timeline

Question 47

What happens when a hash is set to Always Block through IOC Management?

Options:

A. Execution is prevented on all hosts by default
B. Execution is prevented on selected host groups
C. Execution is prevented and detection alerts are suppressed
D. The hash is submitted for approval to be blocked from execution once confirmed by Falcon specialists

Question 48

You can jump to a Process Timeline from many views, like a Hash Search, by clicking which of the following?

Options:

A. ProcessTimeline Link
B. PID
C. UTCtime
D. Process ID or Parent Process ID
