Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

CCFR-201 CrowdStrike Certified Falcon Responder Questions and Answers

Questions 4

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?

Options:

A.

500

B.

750

C.

1000

D.

1200

Buy Now
Questions 5

When reviewing a Host Timeline, which of the following filters is available?

Options:

A.

Severity

B.

Event Types

C.

User Name

D.

Detection ID

Buy Now
Questions 6

Which Executive Summary dashboard item indicates sensors running with unsupported versions?

Options:

A.

Detections by Severity

B.

Inactive Sensors

C.

Sensors in RFM

D.

Active Sensors

Buy Now
Questions 7

From a detection, what is the fastest way to see children and sibling process information?

Options:

A.

Select the Event Search option. Then from the Event Actions, select Show Associated Event Data (From TargetProcessld_decimal)

B.

Select Full Detection Details from the detection

C.

Right-click the process and select "Follow Process Chain"

D.

Select the Process Timeline feature, enter the AID. Target Process ID, and Parent Process ID

Buy Now
Questions 8

When analyzing an executable with a global prevalence of common; but you do not know what the executable is. what is the best course of action?

Options:

A.

Do nothing, as this file is common and well known

B.

From detection, click the VT Hash button to pivot to VirusTotal to investigate further

C.

From detection, use API manager to create a custom blocklist

D.

From detection, submit to FalconX for deep dive analysis

Buy Now
Questions 9

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenlnfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

Options:

A.

ParentProcessld_decimal and aid

B.

ResponsibleProcessld_decimal and aid

C.

ContextProcessld_decimal and aid

D.

TargetProcessld_decimal and aid

Buy Now
Questions 10

A list of managed and unmanaged neighbors for an endpoint can be found:

Options:

A.

by using Hosts page in the Investigate tool

B.

by reviewing "Groups" in Host Management under the Hosts page

C.

under "Audit" by running Sensor Visibility Exclusions Audit

D.

only by searching event data using Event Search

Buy Now
Questions 11

Which of the following is NOT a valid event type?

Options:

A.

StartofProcess

B.

EndofProcess

C.

ProcessRollup2

D.

DnsRequest

Buy Now
Questions 12

What information does the MITRE ATT&CK®Framework provide?

Options:

A.

It provides best practices for different cybersecurity domains, such as Identify and Access Management

B.

It provides a step-by-step cyber incident response strategy

C.

It provides the phases of an adversary's lifecycle, the platforms they are known to attack, and the specific methods they use

D.

It is a system that attributes an attack techniques to a specific threat actor

Buy Now
Questions 13

What does the Full Detection Details option provide?

Options:

A.

It provides a visualization of program ancestry via the Process Tree View

B.

It provides a visualization of program ancestry via the Process Activity View

C.

It provides detailed list of detection events via the Process Table View

D.

It provides a detailed list of detection events via the Process Tree View

Buy Now
Questions 14

What are Event Actions?

Options:

A.

Automated searches that can be used to pivot between related events and searches

B.

Pivotable hyperlinks available in a Host Search

C.

Custom event data queries bookmarked by the currently signed in Falcon user

D.

Raw Falcon event data

Buy Now
Questions 15

You receive an email from a third-party vendor that one of their services is compromised,thevendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?

Options:

A.

IP Addresses

B.

Remote or Network Logon Activity

C.

Remote Access Graph

D.

Hash Executions

Buy Now
Questions 16

What happens when you open the full detection details?

Options:

A.

Theprocess explorer opens and the detection is removed from the console

B.

The process explorer opens and you're able to view the processes and process relationships

C.

The process explorer opens and the detection copies to the clipboard

D.

The process explorer opens and the Event Search query is run for the detection

Buy Now
Questions 17

Within the MITRE-Based Falcon Detections Framework, what is the correct way to interpret Keep Access > Persistence > Create Account?

Options:

A.

An adversary is trying to keep access through persistence by creating an account

B.

An adversary is trying to keep access through persistence using browser extensions

C.

An adversary is trying to keep access through persistence using external remote services

D.

adversary is trying to keep access through persistence using application skimming

Buy Now
Questions 18

The primary purpose for running a Hash Search is to:

Options:

A.

determine any network connections

B.

review the processes involved with a detection

C.

determine the origin of the detection

D.

review information surrounding a hash's related activity

Buy Now
Exam Code: CCFR-201
Exam Name: CrowdStrike Certified Falcon Responder
Last Update: Nov 20, 2024
Questions: 60

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now CCFR-201 testing engine

PDF (Q&A)

$31.5  $104.99
buy now CCFR-201 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 24 Nov 2024