CCFR-201b CrowdStrike Certified Falcon Responder is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

CCFR-201b Practice Questions

CrowdStrike Certified Falcon Responder

Last Update 4 days ago
Total Questions : 199

Dive into our fully updated and stable CCFR-201b practice test platform, featuring all the latest CCFR exam questions added this week. Our preparation tool is more than just a CrowdStrike study aid; it's a strategic advantage.

Our free CCFR practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about CCFR-201b. Use this test to pinpoint which areas you need to focus your study on.

Question # 1

When analyzing an executable with a global prevalence of common, but you do not know what the executable is, what is the best course of action?

Options:

A. Do nothing, as this file is common and well known

B. From detection, click the VT Hash button to pivot to VirusTotal to investigate further

C. From detection, use API manager to create a custom blocklist

D. From detection, submit to FalconX for deep dive analysis

Question # 2

What action is needed to ensure Falcon does not block or generate a detection for a process by using the file hash?

Options:

A. Create a Custom IOC with an action of allow for the hash

B. Create a Machine Learning Exclusion with an action of allow for the hash

C. Create a Custom IOA with an action of allow for the hash

D. Create an IOA Exclusion with an action of allow for the hash

Question # 3

Your lead analyst instructs you to dump the kernel memory of a Windows system using Real Time Response (RTR).

Which native RTR command best helps you to quickly achieve the task?

Options:

A. CSWINDIAG

B. dumpmem

C. xmemdump

D. memdump

Question # 4

CrowdScore is a metric used to identify the severity of an ongoing incident. What percentage of increase in a CrowdScore is considered a strong indication of a coordinated attack?

Options:

A. 10%

B. 20%

C. 50%

D. 100%

Question # 5

An adversary is attempting to disable security features by modifying the system registry. Which of the following native Windows processes is specifically designed to create, modify, and delete Registry keys via the command line?

Options:

A. reg.exe

B. taskmgr.exe

C. lsass.exe

D. svchost.exe

Question # 6

When navigating the 'Custom IOA' creation wizard, a user must select a rule type. Which of the following is NOT a valid IOA rule type available for selection?

Options:

A. Process Creation

B. File Creation

C. Domain Name

D. Scheduled Task

Question # 7

While quarantined files stay on the local host for 30 days by default, how many days does a quarantined file remain stored in the CrowdStrike Cloud?

Options:

A. 30 days

B. 60 days

C. 90 days

D. 180 days

Question # 8

You are tasked with remediating adware for a host using a custom script via Real Time Response (RTR). When running the script, you get an error that the script is timing out.

How can you resolve this issue?

Options:

A. Set the -timeout argument to off

B. Set the -timeout argument to a longer period

C. Rerun the script

D. Change the timeout policy in the console settings

Question # 9

Refer to the image.

What does the arrowed line indicate?

Options:

A. PowerShell spawned Notepad.exe, which injected a thread back to Excel.exe

B. The thread injection was considered a Medium severity injection

C. PowerShell spawned Notepad.exe, which injected a thread back to PowerShell

D. Notepad.exe injected itself into Excel.exe

Question # 10

What happens when you create a Sensor Visibility Exclusion for a trusted file path?

Options:

A. It excludes host information from Detections and Incidents generated within that file path location

B. It prevents file uploads to the CrowdStrike cloud from that file path

C. It excludes sensor monitoring and event collection for the trusted file path

D. It disables detection generation from that path, however the sensor can still perform prevention actions
