
Pass the CrowdStrike CCFR CCFR-201b Questions and answers with CertsForce

Question #41:

To manage the lifecycle of security incidents and review new alerts, a responder must navigate through the Falcon sidebar to which specific location?

Options:

A. Investigate > Host Search > Alerts
B. Endpoint Security > Monitor > Endpoint Detections
C. Configuration > Security Policies > Detections
D. Dashboards > Global Activity > Security Alerts

Question #42:

What does the Full Detection Details option provide?

Options:

A. It provides a visualization of program ancestry via the Process Tree View
B. It provides a visualization of program ancestry via the Process Activity View
C. It provides a detailed list of detection events via the Process Table View
D. It provides a detailed list of detection events via the Process Tree View

Question #43:

In the 'Graph View' of a detection, processes are connected by arrows. Which of the following does a yellow arrow connecting two processes indicate?

Options:

A. A standard Parent-Child relationship.
B. A Network connection was established between the two processes.
C. A Thread Injector-Injectee relationship (Process Injection).
D. A file was written by the first process and read by the second.

Question #44:

Which of the following is NOT a filter available on the Detections page?

Options:

A. Severity
B. CrowdScore
C. Time
D. Triggering File

Question #45:

You can jump to a Process Timeline from many views, like a Hash Search, by clicking which of the following?

Options:

A. Process Timeline Link
B. PID
C. UTC time
D. Process ID or Parent Process ID

Question #46:

What does pivoting to an Event Search from a detection do?

Options:

A. It gives you the ability to search for similar events on other endpoints quickly
B. It takes you to the raw Insight event data and provides you with a number of Event Actions
C. It takes you to a Process Timeline for that detection so you can see all related events
D. It allows you to input an event type, such as DNS Request or ASEP write, and search for those events within the detection

Question #47:

When navigating the main 'Detections' page, several filters are available in the dropdown menu. Which of the following is NOT a filter available in this menu?

Options:

A. Severity
B. Tactic
C. Location tag
D. Status

Question #48:

An executive asks for a definition of 'CrowdScore'. Which of the following sentences best describes what CrowdScore is?

Options:

A. It is a ranking system that compares your organization's security to other companies.
B. It is a metric designed to show an organization's threat level on a continual basis by aggregating related detections.
C. It is the total number of detections that have been resolved within the last 24 hours.
D. It is a measure of the total processing power being used by the Falcon sensors globally.

Question #49:

If the Falcon sensor identifies suspicious behavioral patterns, such as a process attempting to dump memory from lsass.exe, what specific type of detection will be generated?

Options:

A. Indicator of Compromise (IOC)
B. Indicator of Attack (IOA)
C. Known Malware Alert
D. Intelligence Data Match

Question #50:

You are tasked with remediating adware for a host using a custom script via Real Time Response (RTR). When running the script, you get an error that the script is timing out.

How can you resolve this issue?

Options:

A. Set the -timeout argument to off
B. Set the -timeout argument to a longer period
C. Rerun the script
D. Change the timeout policy in the console settings
