
Free CrowdStrike CCFR-201b Practice Exam with Questions & Answers | Set: 3

Question 21

What types of events are returned by a Process Timeline?

Options:
A. Only detection events
B. All cloudable events
C. Only process events
D. Only network events

Question 22

To ensure that a malicious file cannot be accidentally executed or accessed by other processes, how are quarantined files stored on the local endpoints?

Options:
A. They are hidden within the Windows System32 directory.
B. They are stored in an encrypted format.
C. They are renamed with a random 32-character extension.
D. They are moved to a password-protected ZIP file on the desktop.

Question 23

What are Event Actions?

Options:
A. Automated searches that can be used to pivot between related events and searches
B. Pivotable hyperlinks available in a Host Search
C. Custom event data queries bookmarked by the currently signed in Falcon user
D. Raw Falcon event data

Question 24

What action is used when you want to save a prevention hash for later use?

Options:
A. Always Block
B. Never Block
C. Always Allow
D. No Action

Question 25

Filtering is essential for managing a high volume of alerts. Which of the following filters is available by default within the 'Endpoint Detections' dashboard to help narrow down specific threats?

Options:
A. Triggering File
B. Hardware BIOS Version
C. Local Subnet Mask
D. Sensor Update Policy Name

Question 26

A responder wants to include a visual representation of a process tree in an incident report. Which of the following is NOT a valid way to export process data from 'Full Detection Details'?

Options:
A. Process Tree > PNG
B. Process Tree > JPEG
C. Detection > CSV
D. Process Tree > JSON

Question 27

To track the relationship between a parent and its child, Falcon uses specific ID fields. What raw data is used as the 'ParentProcessId_decimal' when a process spawns a child process?

Options:
A. The Operating System PID of the parent.
B. The TargetProcessId_decimal of the parent process.
C. The ContextProcessId_decimal of the system.
D. The RootProcessId_decimal of the entire tree.

Question 28

To speed up investigations, Falcon uses 'event workflows'. Which of the following sentences best describes what event workflows are?

Options:
A. They are automated scripts that perform remediation actions like killing processes.
B. They are automated searches that can be used to pivot between related events and searches.
C. They are PDF reports that summarize an incident for executive review.
D. They are schedules for when the sensor should perform a full disk scan.

Question 29

After running an Event Search, you can select many Event Actions depending on your results. Which of the following is NOT an option for any Event Action?

Options:
A. Draw Process Explorer
B. Show a +/- 10-minute window of events
C. Show a Process Timeline for the responsible process
D. Show Associated Event Data (from TargetProcessId_decimal or ContextProcessId_decimal)

Question 30

Data retention is a key factor in retrospective hunting. How long will "Detection Related Events" be retained in the Falcon environment?

Options:
A. 30 days
B. 60 days
C. 90 days
D. 1 year