Free CCFR-201b Questions for CrowdStrike Certified Falcon Responder CCFR-201b Exam as PDF & Practice Test Engine

  • Exam Code/Number: CCFR-201b
  • Exam Name/Title: CrowdStrike Certified Falcon Responder
  • Certification Provider: CrowdStrike
  • Corresponding Certification: CrowdStrike CCFR
  • Exam Questions: 184
  • Updated On: Jun 08, 2026
An analyst needs to quickly view the activity surrounding a suspicious process. Which of the following sequences of steps will pivot to an auto-filled process timeline in the Falcon UI?
Correct Answer: B
In the Hash Search tool, which of the following is listed under Process Executions?
Correct Answer: C
Which specific event type in the Falcon telemetry is associated with the creation of a new 'TargetProcessId_decimal'?
Correct Answer: B
A responder wants to include a visual representation of a process tree in an incident report. Which of the following is NOT a valid way to export process data from 'Full Detection Details'?
Correct Answer: D
A responder needs to find a specific sequence of network connections that did not trigger a detection. Which search tool allows them to search for anything within the raw telemetry?
Correct Answer: B
Which of the following sentences best describes the primary objective of 'Real-time Analysis' within the Falcon platform?
Correct Answer: D
To maintain a logical flow during an incident post-mortem, CrowdStrike recommends describing adversary activity using a specific three-part sentence structure. Which combination best completes this sentence: "The adversary was trying to [1], by [2], using [3]"?
Correct Answer: A
During the triage of a detection involving a newly created persistent task, which specific indicator is most important for a responder to identify the actual intent of the service?
Correct Answer: B
What does pivoting to an Event Search from a detection do?
Correct Answer: A
The Bulk Domain Search tool contains Domain information along with which of the following?
Correct Answer: C