Free CrowdStrike CCFR-201b Practice Exam with Questions & Answers | Set: 5

Questions 41

The Falcon console is divided into several modules. Timelines (Host and Process) are technically a part of which Falcon page?

Options:
A. Activity
B. Investigate
C. Configuration
D. Dashboards

Questions 42

When an organization needs to detect a specific behavior that is unique to their environment, they can create a Custom IOA. Which of the following is NOT required when configuring a custom IOA from scratch?

Options:
A. Selecting a Rule Type (e.g., Process Creation).
B. Specifying the Severity level of the resulting detection.
C. Assigning a specific host group to the IOA rule at the time of creation.
D. Providing a unique name for the rule.

Questions 43

To understand how a threat moved on a system, a responder must know the role of common processes. Which of the following statements best describes the standard functionality of explorer.exe?

Options:
A. It is a system process responsible for the Local Security Authority subsystem.
B. It is the primary process responsible for the File Explorer UI and the user's desktop environment.
C. It is the Windows Command Processor used for executing batch files.
D. It is the service control manager that handles the starting of background tasks.

Questions 44

Executive dashboards provide a high-level view of security. Which of the following CANNOT be seen from the Executive Summary Dashboard?

Options:
A. Detections broken down by Tactic.
B. A breakdown of Agent Versions across the fleet.
C. The top 10 hosts with the most detections.
D. The organization’s current CrowdScore trend.

Questions 45

When analyzing an executable with a global prevalence of Common, but you do not know what the executable is, what is the best course of action?

Options:
A. Do nothing, as this file is common and well known
B. From detection, click the VT Hash button to pivot to VirusTotal to investigate further
C. From detection, use API manager to create a custom blocklist
D. From detection, submit to FalconX for deep dive analysis

Questions 46

An analyst needs to quickly view the activity surrounding a suspicious process. Which of the following sequences of steps will pivot to an auto-filled process timeline in the Falcon UI?

Options:
A. Host Search > Processes and Services > Filename > Start Time > Process ID
B. Activity Dashboard > Click Detection > Export to PDF
C. Investigate > Bulk Search > Enter SHA256 > View Results
D. Configuration > Host Groups > Select Host > Network History

Questions 47

While the host timeline is comprehensive, some data is not included in that specific view. Which of the following CANNOT be seen directly from the host timeline?

Options:
A. Timestamp
B. Event Name
C. PID (Process ID)
D. CPU Temperature

Questions 48

Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?

Options:
A. Falcon Intel via Intelligence Indicator - Domain
B. Machine Learning via Cloud-Based ML
C. Malware via PUP
D. Credential Access via OS Credential Dumping

Questions 49

You receive an email from a third-party vendor stating that one of their services is compromised. The vendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?

Options:
A. IP Addresses
B. Remote or Network Logon Activity
C. Remote Access Graph
D. Hash Executions

Questions 50

The Falcon console integrates heavily with the MITRE ATT&CK framework to provide industry-standard context. Which of the following tactics displayed in the detection UI is a direct implementation of a MITRE ATT&CK tactic?

Options:
A. Malware Action
B. Impact
C. Intelligence-Based Match
D. Script-Based Execution