CrowdStrike Certified Falcon Responder CCFR-201b Question # 3 Topic 1 Discussion

CCFR-201b Exam Topic 1 Question 3 Discussion:
Question #: 3
Topic #: 1

After an investigation, the following malicious artifacts have been identified:

    C:\Users\*\AppData\iamnotmalware.exe

    C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iamnotmalware.lnk

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iamnotmalware_really

What method will remove all associated artifacts from hosts that trigger future related detections?


A. Create a Quarantine Rule that will quarantine all identified artifacts across the entire environment

B. Create Custom IOA rules to prevent the execution of these artifacts

C. Create a workflow to trigger on a new endpoint detection, query the telemetry data of the endpoint for known artifacts, and select Remove All Associated Artifacts as an action

D. Create a workflow to trigger on a new endpoint detection, conditions that match the detection, and as an action a PowerShell script to kill associated processes and remove all artifacts
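Whichever option the exam expects, the question turns on three concrete persistence artifacts: a dropped binary, a Startup-folder shortcut, and an HKLM Run value. The script below is an added example of what removing them on a single host actually involves; it is not part of the question, of any answer option, or of CrowdStrike's own tooling. It assumes it runs elevated on the affected host (for instance pushed through Falcon Real Time Response `runscript`, which is an assumed delivery mechanism, not something the question states), it reads the `*` in the question's paths as "every user profile", and it adds one check the question does not list: the WOW6432Node Run key on 64-bit hosts.

```powershell
# Added example, not from the original question, its answer options or CrowdStrike.
# Assumptions: runs elevated on the affected host (e.g. via Falcon RTR runscript),
# "*" in the question's paths means every user profile, and the WOW6432Node
# Run key is an extra check for 64-bit hosts that the question does not mention.

$ExeName  = 'iamnotmalware.exe'
$LnkName  = 'iamnotmalware.lnk'
$RunValue = 'iamnotmalware_really'
$RunKeys  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'   # assumption: 64-bit host
)
$ProcName = [IO.Path]::GetFileNameWithoutExtension($ExeName)
$Removed  = [System.Collections.Generic.List[object]]::new()

# 1. Stop the process before touching the file; a mapped image cannot be deleted.
Get-Process -Name $ProcName -ErrorAction SilentlyContinue |
    Stop-Process -Force -ErrorAction SilentlyContinue

# 2. Resolve "C:\Users\*" from the profile list rather than globbing the directory,
#    so relocated profiles are covered and Default/Public are skipped.
$ProfileDirs = Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special -and $_.LocalPath -and (Test-Path -LiteralPath $_.LocalPath) } |
    Select-Object -ExpandProperty LocalPath

foreach ($dir in $ProfileDirs) {
    $targets = @(
        (Join-Path $dir "AppData\$ExeName"),
        (Join-Path $dir "AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\$LnkName")
    )
    foreach ($path in $targets) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # Hash the binary before deleting it so the IOC survives for hunting and IOC management.
        $sha256 = if ($path -like '*.exe') { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }
        Remove-Item -LiteralPath $path -Force
        $Removed.Add([pscustomobject]@{ Type = 'File'; Artifact = $path; Detail = $sha256 })
    }
}

# 3. Remove the Run value, recording the command line it pointed at.
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $RunValue)) {
        $cmd = $props.$RunValue
        Remove-ItemProperty -Path $key -Name $RunValue -Force
        $Removed.Add([pscustomobject]@{ Type = 'Registry'; Artifact = "$key\$RunValue"; Detail = $cmd })
    }
}

# 4. Re-check after a short delay: a surviving watchdog or a second dropper would
#    re-create the file or the Run value, which means the cleanup is not done.
Start-Sleep -Seconds 5
$Reappeared = @()
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $RunValue)) { $Reappeared += "$key\$RunValue" }
}
foreach ($dir in $ProfileDirs) {
    $exe = Join-Path $dir "AppData\$ExeName"
    if (Test-Path -LiteralPath $exe) { $Reappeared += $exe }
}
if (Get-Process -Name $ProcName -ErrorAction SilentlyContinue) { $Reappeared += "process $ExeName still running" }

# Emit a JSON summary so the calling workflow can record what was removed and flag incomplete cleanups.
[pscustomobject]@{
    Host       = $env:COMPUTERNAME
    Removed    = $Removed
    Reappeared = $Reappeared
    Status     = if ($Reappeared.Count -eq 0) { 'clean' } else { 'incomplete' }
} | ConvertTo-Json -Depth 4
```

The order matters: killing the process first avoids a sharing violation on the delete, and the final re-check is what distinguishes a clean host from one where a second stage is still running. The JSON summary is there so that whatever invokes the script (a workflow action, an RTR session, an analyst) gets a machine-readable record of the hashes and command lines that were removed rather than a bare exit code.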

