
Pass the CrowdStrike CCFR CCFR-201b Questions and answers with CertsForce

Viewing page 6 out of 6 pages
Viewing questions 51-60 out of questions
Questions # 51:

A responder decides to set a specific Custom IOA to the 'Monitor' action. Which of the following sentences best describes the technical result of this choice?

Options:

A. The sensor will block the activity and alert the user with a pop-up.

B. The sensor will create detections with 'Informational' severity but will not block the activity.

C. The sensor will log the activity in the audit logs but will not generate a detection.

D. The sensor will automatically isolate the host from the network.


Questions # 52:

Multiple detections with the process schtasks.exe begin to alert in the UI. The process executes the following command line on several unique hosts:

schtasks.exe /Query /TN "Qljsscdqr"

What is the most efficient way to identify which hosts are executing this scheduled task?

Options:

A. Filter detections by command line and sort by 'Host:A to Z'

B. Filter detections by command line and group by triggering file

C. Filter detections by the triggering file and sort by 'Host:A to Z'

D. Filter detections by command line and group by host


Questions # 53:

Which of the following statements about the 'Hash Search' (Single Search) is TRUE?

Options:

A. It can search for both files and registry keys simultaneously.

B. It identifies the geographical location of the file's creator.

C. The 'Hash Written History' section is only available for SHA256 hashes.

D. It is primarily used to isolate a host from the network.


Questions # 54:

The 'Detection Resolutions' dashboard helps track team performance. Which of the following CANNOT be seen from this dashboard?

Options:

A. Average time to resolve a detection.

B. Total number of detections resolved by each analyst.

C. The top 10 hosts/users/files with the most detections.

D. The breakdown of True Positive vs. False Positive resolutions.


Questions # 55:

Bulk Search tools have several features in common. Which of the following is incorrect as a feature common to all Bulk Search types?

Options:

A. They allow for searching multiple items (up to 500) at once.

B. Regular Expressions (Regex) are allowed within the search fields.

C. Search results can be exported for further analysis.

D. They search across historical telemetry in the cloud.


Questions # 56:

Which of the following is NOT a valid event type?

Options:

A. StartofProcess

B. EndofProcess

C. ProcessRollup2

D. DnsRequest


Questions # 57:

The Falcon sensor can take several automated actions to protect an endpoint. Which of the following is NOT an action that Falcon takes upon detection?

Options:

A. Process Termination

B. File Quarantine

C. Process Restart

D. Network Isolation


Questions # 58:

By default, when a file is quarantined by the Falcon sensor to prevent execution, how many days does that file remain on the host's local disk?

Options:

A. 7 days

B. 14 days

C. 30 days

D. 90 days


Questions # 59:

What happens when a hash is allowlisted?

Options:

A. Execution is prevented, but detection alerts are suppressed

B. Execution is allowed on all hosts, including all other Falcon customers

C. The hash is submitted for approval to be allowed to execute once confirmed by Falcon specialists

D. Execution is allowed on all hosts that fall under the organization's CID

