A responder is explaining the quarantine process to a system administrator. What happens technically when a file is quarantined by the Falcon sensor?
Which Executive Summary dashboard item indicates sensors running with unsupported versions?
CrowdScore is a metric used to identify the severity of an ongoing incident. What percentage of increase in a CrowdScore is considered a strong indication of a coordinated attack?
Responders use ' IP Search ' to track connections to malicious infrastructure. Which of the following statements about the IP Search is FALSE?
While reviewing the high-level organizational structure of a complex detection in the Falcon console, a responder identifies several layers of activity. Which of the following is NOT officially recognized as an Objective Layer within the CrowdStrike detection hierarchy?
CrowdStrike provides ' Overwatch Best Practices ' for triaging alerts. According to these guidelines, what is the next step a responder should take immediately after the ' Understand the detection ' step?
You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?
In various telemetry events like ' FileWrite ' or ' NetworkConnect ' , Falcon identifies the process that performed the action. Which field will always identify this " acting " process?
A list of managed and unmanaged neighbors for an endpoint can be found:
A security responder is investigating a detection where a low-privileged process attempted to manipulate a system token to gain administrative rights. Within the specific terminology used by the Falcon console, ' Privilege Escalation ' is classified as a:
|
PDF + Testing Engine
|
|---|
|
$49.5 |
|
Testing Engine
|
|---|
|
$37.5 |
|
PDF (Q&A)
|
|---|
|
$31.5 |
CrowdStrike Free Exams |
|---|
|