[Full-Version] 2023 New CCFR-201 Actual Exam Dumps, CrowdStrike Practice Test [Q12-Q32]

October 13, 2023 examdumps 0 Comment

Tags: CCFR-201 latest exam pdf, CCFR-201 reliable test bootcamp, CCFR-201 reliable test question, CCFR-201 test lab questions

4.7/5 - (12 votes)

[Full-Version] 2023 New CCFR-201 Actual Exam Dumps, CrowdStrike Practice Test

Study HIGH Quality CCFR-201 Free Study Guides and Exams Tutorials

Q12. What are Event Actions?

Automated searches that can be used to pivot between related events and searches

Pivotable hyperlinks available in a Host Search

Custom event data queries bookmarked by the currently signed in Falcon user

Raw Falcon event data

Q13. What do IOA exclusions help you achieve?

Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy

Reduce false positives of behavioral detections from IOA based detections only

Reduce false positives of behavioral detections from IOA based detections based on a file hash

Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

Q14. You are notified by a third-party that a program may have redirected traffic to a malicious domain. Which Falcon page will assist you in searching for any domain request information related to this notice?

Falcon X

Investigate

Discover

Spotlight

Q15. After pivoting to an event search from a detection, you locate the ProcessRollup2 event. Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?

SHA256 and TargetProcessld_decimal

SHA256 and ParentProcessld_decimal

aid and ParentProcessld_decimal

aid and TargetProcessld_decimal

Q16. From a detection, what is the fastest way to see children and sibling process information?

Select the Event Search option. Then from the Event Actions, select Show Associated Event Data (From TargetProcessld_decimal)

Select Full Detection Details from the detection

Right-click the process and select “Follow Process Chain”

Select the Process Timeline feature, enter the AID. Target Process ID, and Parent Process ID

Q17. What information is contained within a Process Timeline?

All cloudable process-related events within a given timeframe

All cloudable events for a specific host

Only detection process-related events within a given timeframe

A view of activities on Mac or Linux hosts

Q18. The function of Machine Learning Exclusions is to___________.

stop all detections for a specific pattern ID

stop all sensor data collection for the matching path(s)

Stop all Machine Learning Preventions but a detection will still be generated and files will still be uploaded to the CrowdStrike Cloud

stop all ML-based detections and preventions for the matching path(s) and/or stop files from being uploaded to the CrowdStrike Cloud

Q19. Which Executive Summary dashboard item indicates sensors running with unsupported versions?

Detections by Severity

Inactive Sensors

Sensors in RFM

Active Sensors

Q20. The Process Activity View provides a rows-and-columns style view of the events generated in a detection.
Why might this be helpful?

The Process Activity View creates a consolidated view of all detection events for that process that can be exported for further analysis

The Process Activity View will show the Detection time of the earliest recorded activity which might indicate first affected machine

The Process Activity View only creates a summary of Dynamic Link Libraries (DLLs) loaded by a process

The Process Activity View creates a count of event types only, which can be useful when scoping the event

Q21. What types of events are returned by a Process Timeline?

Only detection events

All cloudable events

Only process events

Only network events

Q22. What does pivoting to an Event Search from a detection do?

It gives you the ability to search for similar events on other endpoints quickly

It takes you to the raw Insight event data and provides you with a number of Event Actions

It takes you to a Process Timeline for that detection so you can see all related events

It allows you to input an event type, such as DNS Request or ASEP write, and search for those events within the detection

Q23. How long does detection data remain in the CrowdStrike Cloud before purging begins?

90 Days

45 Days

30 Days

14 Days

Q24. How long are quarantined files stored in the CrowdStrike Cloud?

45 Days

90 Days

Days

Quarantined files are not deleted

Q25. When reviewing a Host Timeline, which of the following filters is available?

Severity

Event Types

User Name

Detection ID

Q26. How are processes on the same plane ordered (bottom ‘VMTOOLSD.EXE’ to top CMD.EXE’)?

Process ID (Descending, highest on bottom)

Time started (Descending, most recent on bottom)

Time started (Ascending, most recent on top)

Process ID (Ascending, highest on top)

Q27. When examining a raw DNS request event, you see a field called ContextProcessld_decimal. What is the purpose of that field?

It contains the TargetProcessld_decimal value for other related events

It contains an internal value not useful for an investigation

It contains the ContextProcessld_decimal value for the parent process that made the DNS request

It contains the TargetProcessld_decimal value for the process that made the DNS request

Q28. Which is TRUE regarding a file released from quarantine?

No executions are allowed for 14 days after release

It is allowed to execute on all hosts

It is deleted

It will not generate future machine learning detections on the associated host

Q29. In the Hash Search tool, which of the following is listed under Process Executions?

Operating System

File Signature

Command Line

Sensor Version

Q30. The primary purpose for running a Hash Search is to:

determine any network connections

review the processes involved with a detection

determine the origin of the detection

review information surrounding a hash’s related activity

Q31. Aside from a Process Timeline or Event Search, how do you export process event data from a detection in
.CSV format?

You can’t export detailed event data from a detection, you have to use the Process Timeline or an Event Search

In Full Detection Details, you expand the nodes of the process tree you wish to expand and then click the “Export Process Events” button

In Full Detection Details, you choose the “View Process Activity” option and then export from that view

From the Detections Dashboard, you right-click the event type you wish to export and choose CSV.JSON or XML

Q32. What action is used when you want to save a prevention hash for later use?

Always Block

Never Block

Always Allow

No Action

Get 100% Real Free CrowdStrike CCFR CCFR-201 Sample Questions: https://www.dumpsmaterials.com/CCFR-201-real-torrent.html

[Full-Version] 2023 New CCFR-201 Actual Exam Dumps, CrowdStrike Practice Test [Q12-Q32]

Leave a Reply Cancel reply

Related Post

Mar-2024 CrowdStrike CCFA-200 Certification Real 2024 Mock Exam [Q30-Q47]