The Falcon console is divided into several modules. Timelines (Host and Process) are technically a part of which Falcon page?
When an organization needs to detect a specific behavior that is unique to their environment, they can create a Custom IOA. Which of the following is NOT required when configuring a custom IOA from scratch?
To understand how a threat moved on a system, a responder must know the role of common processes. Which of the following statements best describes the standard functionality of explorer.exe?
Executive dashboards provide a high-level view of security. Which of the following CANNOT be seen from the Executive Summary Dashboard?
You are analyzing an executable with a global prevalence of common, but you do not know what the executable is. What is the best course of action?
An analyst needs to quickly view the activity surrounding a suspicious process. Which of the following sequences of steps will pivot to an auto-filled process timeline in the Falcon UI?
While the host timeline is comprehensive, some data is not included in that specific view. Which of the following CANNOT be seen directly from the host timeline?
Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?
You receive an email from a third-party vendor stating that one of their services is compromised. The vendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?
The Falcon console integrates heavily with the MITRE ATT&CK framework to provide industry-standard context. Which of the following tactics displayed in the detection UI is a direct implementation of a MITRE ATT&CK tactic?