
CCFR-201b CrowdStrike Certified Falcon Responder is now Stable and With Pass Result | Test Your Knowledge for Free


CCFR-201b Practice Questions

CrowdStrike Certified Falcon Responder

Last Update 4 days ago
Total Questions : 199

Dive into our fully updated and stable CCFR-201b practice test platform, featuring all the latest CCFR exam questions added this week. Our preparation tool is more than just a CrowdStrike study aid; it's a strategic advantage.

Our free CCFR practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about CCFR-201b. Use this test to pinpoint which areas you need to focus your study on.

Question # 11

After pivoting to an event search from a detection, you locate the ProcessRollup2 event. Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?

Options:

A. SHA256 and TargetProcessId_decimal
B. SHA256 and ParentProcessId_decimal
C. aid and ParentProcessId_decimal
D. aid and TargetProcessId_decimal

Question # 12

If a local administrator needs to inspect the quarantine directory directly on a machine, where are quarantine files located on a Windows Endpoint?

Options:

A. C:\Temp\CrowdStrike\Quarantine
B. C:\Windows\System32\Drivers\CrowdStrike\Quarantine
C. C:\Program Files\CrowdStrike\Quarantine
D. C:\Users\Public\CrowdStrike\Quarantine

Question # 13

While reviewing the high-level organizational structure of a complex detection in the Falcon console, a responder identifies several layers of activity. Which of the following is NOT officially recognized as an Objective Layer within the CrowdStrike detection hierarchy?

Options:

A. Contact Controlled Systems
B. Lateral Movement
C. Gain Access
D. Follow Through

Question # 14

When a responder needs to take data out of the Falcon console for external analysis, which of the following is NOT an option when exporting searches?

Options:

A. CSV
B. JSON
C. PDF
D. Gzip

Question # 15

In the 'User Search - File Written' section, a responder can see various files dropped by a user. Which of the following file types CANNOT be seen from this view?

Options:

A. Scripts (.ps1, .sh)
B. Executables (.exe)
C. Executions (Process starts)
D. Archive files (.zip, .7z)

Question # 16

A responder needs to categorize an incident based on the high-level goals of the attacker. Which of the following lists correctly identifies the "Objectives" as they are natively defined and used within the Falcon platform?

Options:

A. Explore, Keep Access, Gain Access, Falcon Detection Method, Contact Controlled systems, Follow Through
B. Reconnaissance, Delivery, Weaponization, Exploitation, Installation, Command and Control
C. Identify, Protect, Detect, Respond, Recover, Lessons Learned
D. Triage, Containment, Remediation, Eradication, Reporting, Recovery

Question # 17

An analyst needs to quickly view the activity surrounding a suspicious process. Which of the following sequences of steps will pivot to an auto-filled process timeline in the Falcon UI?

Options:

A. Host Search > Processes and Services > Filename > Start Time > Process ID
B. Activity Dashboard > Click Detection > Export to PDF
C. Investigate > Bulk Search > Enter SHA256 > View Results
D. Configuration > Host Groups > Select Host > Network History

Question # 18

Administrators can define their own criteria for alerts. Which of the following is an example of a custom detection within the Falcon platform?

Options:

A. Sensor-based Malware Detections
B. Blacklisted Hashes
C. Overwatch Managed Detections
D. Behavioral IOA Detections

Question # 19

A responder is unsure about the difference between 'Detection' and 'Prevention' settings. Where can they find information about Detection and Prevention Policies?

Options:

A. On the public CrowdStrike blog.
B. In the Support page under the Docs section.
C. By clicking the 'About' button in the user profile.
D. In the training videos on the main Dashboard.

Question # 20

During the triage of a detection involving a newly created persistent task, which specific indicator is most important for a responder to identify the actual intent of the service?

Options:

A. The total CPU usage of the parent process.
B. The command-line arguments used during the task creation.
C. The Agent ID (AID) of the host where the detection fired.
D. The physical location of the endpoint in the office.
