
Pass the CrowdStrike CCFR CCFR-201b Questions and answers with CertsForce

Question 1:

What information does the MITRE ATT&CK Framework provide?

Options:

A. It provides best practices for different cybersecurity domains, such as Identity and Access Management
B. It provides a step-by-step cyber incident response strategy
C. It provides the phases of an adversary's lifecycle, the platforms they are known to attack, and the specific methods they use
D. It is a system that attributes attack techniques to a specific threat actor

Question 2:

A security responder is investigating a detection where a low-privileged process attempted to manipulate a system token to gain administrative rights. Within the specific terminology used by the Falcon console, 'Privilege Escalation' is classified as a:

Options:

A. Technique
B. Tactic
C. Objective
D. Indicator

Question 3:

After an investigation, the following malicious artifacts have been identified:

    C:\Users*\AppData\iamnotmalware.exe
    C:\Users*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iamnotmalware.lnk
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iamnotmalware_really

What method will remove all associated artifacts from hosts that trigger future related detections?

Options:

A. Create a Quarantine Rule that will quarantine all identified artifacts across the entire environment
B. Create Custom IOA rules to prevent the execution of these artifacts
C. Create a workflow to trigger on a new endpoint detection, query the telemetry data of the endpoint for known artifacts, and select Remove All Associated Artifacts as an action
D. Create a workflow to trigger on a new endpoint detection, conditions that match the detection, and as an action a PowerShell script to kill associated processes and remove all artifacts

Question 4:

What is the difference between a Host Search and a Host Timeline?

Options:

A. Results from a Host Search return information in an organized view by type, while a Host Timeline returns a view of all events recorded by the sensor
B. A Host Timeline only includes process execution events and user account activity
C. Results from a Host Timeline include process executions and related events organized by data type. A Host Search returns a temporal view of all events for the given host
D. There is no difference - Host Search and Host Timeline are different names for the same search page

Question 5:

If an organization is experiencing several false positives from a specific Machine Learning (ML) detection group and wants to create a tightly-scoped allowlist, which grouping should they use first?

Options:

A. Group by Filename
B. Group by Hash
C. Group by Command Line
D. Group by User

Question 6:

When an analyst is trying to pinpoint the exact moment an endpoint came online after being shut down for the weekend, which timeline view is the best to use?

Options:

A. Process Timeline
B. Host Timeline
C. User Timeline
D. Network Timeline

Question 7:

When a responder is looking at the 'Full Detection Details' page, they can toggle between several views. Which of the following is NOT a layout option available for viewing these details?

Options:

A. Graph View
B. Tree View
C. Process Timeline
D. List View

Question 8:

Within the MITRE-Based Falcon Detections Framework, what is the correct way to interpret Keep Access > Persistence > Create Account?

Options:

A. An adversary is trying to keep access through persistence by creating an account
B. An adversary is trying to keep access through persistence using browser extensions
C. An adversary is trying to keep access through persistence using external remote services
D. An adversary is trying to keep access through persistence using application skimming

Question 9:

When looking at the details of a detection, there are two fields called Global Prevalence and Local Prevalence. Which answer best defines Local Prevalence?

Options:

A. Local Prevalence is the frequency with which the hash of the triggering file is seen across the entire Internet
B. Local Prevalence tells you how common the hash of the triggering file is within your environment (CID)
C. Local Prevalence is the VirusTotal score for the hash of the triggering file
D. Local Prevalence is the frequency with which the hash of the triggering file is seen across all CrowdStrike customer environments

Question 10:

Which of the following sentences best describes the primary objective of 'Real-time Analysis' within the Falcon platform?

Options:

A. Analyzing historical logs from the past 90 days to find missed threats.
B. Investigating incoming telemetry in real time or on a near real-time basis to catch active threats.
C. Scanning every file on a hard drive once per week for dormant viruses.
D. Manually updating the Falcon sensor on every machine in the fleet.