
Free CrowdStrike CCFR-201b Practice Exam with Questions & Answers | Set: 2

Question 11

Refer to the image.

[Image: CCFR-201b Question 11]

Within a Host Search, you have filtered for cmd.exe in the Process executions table and now need to pivot to a process timeline.

Which item in the table do you select to pivot to the Process Timeline?

Options:
A. PID
B. Process ID
C. Command Line

Question 12

The 'Detection Resolutions' dashboard helps track team performance. Which of the following CANNOT be seen from this dashboard?

Options:
A. Average time to resolve a detection.
B. Total number of detections resolved by each analyst.
C. The top 10 hosts/users/files with the most detections.
D. The breakdown of True Positive vs. False Positive resolutions.

Question 13

You are pre-staging a Custom IOC and want to save a file hash for later use after approval.

Which action should you use?

Options:
A. Save Hash
B. Monitor
C. No Action
D. Always Block

Question 14

In the full detection tree view, icons provide visual cues about the telemetry. What does the specific icon representing a 'Falcon' (blue bird) indicate to the responder?

Options:
A. The file has been successfully quarantined by the sensor.
B. There is related Intelligence (Intel) data available for this detection.
C. The process has been identified as a legitimate system file.
D. The host is currently undergoing a remote live response session.

Question 15

If the Falcon sensor identifies suspicious behavioral patterns—such as a process attempting to dump memory from lsass.exe—what specific type of detection will be generated?

Options:
A. Indicator of Compromise (IOC)
B. Indicator of Attack (IOA)
C. Known Malware Alert
D. Intelligence Data Match

Question 16

From the Detections page, how can you view 'in-progress' detections assigned to Falcon Analyst Alex?

Options:
A. Filter on 'Analyst: Alex'
B. Alex does not have the correct role permissions as a Falcon Analyst to be assigned detections
C. Filter on 'Hostname: Alex' and 'Status: In-Progress'
D. Filter on 'Status: In-Progress' and 'Assigned-to: Alex*'

Question 17

You are notified by a third party that a program may have redirected traffic to a malicious domain. Which Falcon page will assist you in searching for any domain request information related to this notice?

Options:
A. Falcon X
B. Investigate
C. Discover
D. Spotlight

Question 18

While investigating a detection, you pivot to the Advanced Event Search.

Which field would you filter by to return events executing from a specific directory on the host?

Options:
A. TreeId
B. @source
C. ParentBaseFileName
D. FilePath

Question 19

Which is TRUE regarding a file released from quarantine?

Options:
A. No executions are allowed for 14 days after release
B. It is allowed to execute on all hosts
C. It is deleted
D. It will not generate future machine learning detections on the associated host

Question 20

Depending on the subscription level, "Cloudable Events" (standard telemetry) have a specific retention period. What is the minimum period of time that these events are retained?

Options:
A. 1 day
B. 7 days
C. 14 days
D. 30 days