
CCFR-201 Questions and Answers

Question # 6

You are notified by a third party that a program may have redirected traffic to a malicious domain. Which Falcon page will assist you in searching for any domain request information related to this notice?

A. Falcon X

B. Investigate

C. Discover

D. Spotlight

Question # 7

Which Executive Summary dashboard item indicates sensors running with unsupported versions?

A. Detections by Severity

B. Inactive Sensors

C. Sensors in RFM

D. Active Sensors

Question # 8

When examining raw event data, what is the purpose of the field called ParentProcessId_decimal?

A. It contains an internal value not useful for an investigation

B. It contains the TargetProcessId_decimal value of the child process

C. It contains the SensorId_decimal value for related events

D. It contains the TargetProcessId_decimal of the parent process

Question # 9

How long does detection data remain in the CrowdStrike Cloud before purging begins?

A. 90 Days

B. 45 Days

C. 30 Days

D. 14 Days

Question # 10

What does the Full Detection Details option provide?

A. It provides a visualization of program ancestry via the Process Tree View

B. It provides a visualization of program ancestry via the Process Activity View

C. It provides a detailed list of detection events via the Process Table View

D. It provides a detailed list of detection events via the Process Tree View

Question # 11

You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?

A. Identifies a detailed list of all process executions for the specified hashes

B. Identifies hosts that loaded or executed the specified hashes

C. Identifies users associated with the specified hashes

D. Identifies detections related to the specified hashes

Question # 12

What happens when you create a Sensor Visibility Exclusion for a trusted file path?

A. It excludes host information from Detections and Incidents generated within that file path location

B. It prevents file uploads to the CrowdStrike cloud from that file path

C. It excludes sensor monitoring and event collection for the trusted file path

D. It disables detection generation from that path; however, the sensor can still perform prevention actions

Question # 13

Which of the following is NOT a filter available on the Detections page?

A. Severity

B. CrowdScore

C. Time

D. Triggering File

Question # 14

In the Hash Search tool, which of the following is listed under Process Executions?

A. Operating System

B. File Signature

C. Command Line

D. Sensor Version

Question # 15

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

A. ParentProcessId_decimal and aid

B. ResponsibleProcessId_decimal and aid

C. ContextProcessId_decimal and aid

D. TargetProcessId_decimal and aid

Question # 16

In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests, Registry Operations, and Network Operations?

A. The data is unable to be exported

B. View as Process Tree

C. View as Process Timeline

D. View as Process Activity

Question # 17

How are processes on the same plane ordered (bottom 'VMTOOLSD.EXE' to top 'CMD.EXE')?

A. Process ID (Descending, highest on bottom)

B. Time started (Descending, most recent on bottom)

C. Time started (Ascending, most recent on top)

D. Process ID (Ascending, highest on top)

Question # 18

You can jump to a Process Timeline from many views, like a Hash Search, by clicking which of the following?

A. ProcessTimeline Link

B. PID

C. UTCtime

D. Process ID or Parent Process ID
