Free CrowdStrike CCFR-201 Exam Questions

Become CrowdStrike Certified with updated CCFR-201 exam questions and correct answers

Page: 1 / 12

Total 60 Questions | Updated On: Nov 13, 2024

Add To Cart

Question 1

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

A : ParentProcessId_decimal and aid

B : ResponsibleProcessId_decimal and aid

C : ContextProcessId_decimal and aid

D : TargetProcessId_decimal and aid

Answer: B

Question 2

From a detection, what is the fastest way to see children and sibling process information?

A : Select the Event Search option. Then from the Event Actions, select Show Associated Event Data (From TargetProcessId_decimal)

B : Select Full Detection Details from the detection

C : Right-click the process and select "Follow Process Chain"

D : Select the Process Timeline feature, enter the AID, Target Process ID, and Parent Process ID

Answer: C

Question 3

You can jump to a Process Timeline from many views, like a Hash Search, by clicking which of the following?

A : ProcessTimeline Link

B : PID

C : UTC time

D : Process ID or Parent Process ID

Answer: B

Question 4

A list of managed and unmanaged neighbors for an endpoint can be found:

A : by using Hosts page in the Investigate tool

B : by reviewing "Groups" in Host Management under the Hosts page

C : under "Audit" by running Sensor Visibility Exclusions Audit

D : only by searching event data using Event Search

Answer: A

Question 5

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?

A : 500

B : 750

C : 1000

D : 1200

Answer: C

Page: 1 / 12

Total 60 Questions | Updated On: Nov 13, 2024

Add To Cart