Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home CrowdStrike CCFR-201

CrowdStrike CCFR-201 Exam Practice Questions (P. 1)

  • Full Access (60 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #1
Where can you find hosts that are in Reduced Functionality Mode?
  1. A
    Event Search
  2. B
    Executive Summary dashboard
  3. C
    Host Search
  4. D
    Installation Tokens

Correct Answer:
C
chatbot-img GPT-4o - Answer
The correct answer is found in the Host Search area, not the Executive Summary dashboard as those comments suggest. Through Host Search, one has the ability to filter and directly locate hosts that are currently in Reduced Functionality Mode, ensuring precise and efficient identification for management or troubleshooting. This targeted approach in Host Search is more aligned with operational needs when dealing with RFM statuses.

Question #2
When reviewing a Host Timeline, which of the following filters is available?
  1. A
    Severity
  2. B
    Event Types
  3. C
    User Name
  4. D
    Detection ID

Correct Answer:
B
chatbot-img GPT-4o - Answer
When diving into the Host Timeline on CrowdStrike, remember that aside from filtering through specifics like Hostname and Agent ID, you can indeed also pinpoint what you're looking for by selecting different Event Types. This helps in narrowing down to particular activities or occurrences that you're investigating on a given host, making your analysis more targeted and efficient. Keep this pro tip handy during your next session!

Question #3
How does a DNSRequest event link to its responsible process?
  1. A
    Via both its ContextProcessId_decimal and ParentProcessId_decimal fields
  2. B
    Via its ParentProcessId_decimal field
  3. C
    Via its ContextProcessId_decimal field
  4. D
    Via its TargetProcessId_decimal field

Correct Answer:
C
chatbot-img GPT-4o - Answer
In the context of CrowdStrike's DNSRequest events, the linkage to the process responsible for generating the event is correctly indicated by the ContextProcessId_decimal field. This field uniquely identifies the process involved in the DNS request. Neither the ParentProcessId_decimal nor the TargetProcessId_decimal fields are relevant here; indeed, the DNSRequest event does not include a TargetProcessId_decimal field. This establishes the correct mapping and tracking of process activities within network events logged by CrowdStrike Falcon.

Question #4
What information does the MITRE ATT&CK Framework provide?
  1. A
    It provides best practices for different cybersecurity domains, such as Identify and Access Management
  2. B
    It provides a step-by-step cyber incident response strategy
  3. C
    It provides the phases of an adversary's lifecycle, the platforms they are known to attack, and the specific methods they use
  4. D
    It is a system that attributes attack techniques to a specific threat actor

Correct Answer:
C
chatbot-img GPT-4o - Answer
The MITRE ATT&CK Framework serves as a comprehensive knowledge base detailing adversary behavior, which includes the phases of their lifecycle, targeted platforms, and the specific techniques they employ. This framework is instrumental in understanding how threats operate and prepare defensive strategies accordingly.

Question #5
Within the MITRE-Based Falcon Detections Framework, what is the correct way to interpret Keep Access > Persistence > Create Account?
  1. A
    An adversary is trying to keep access through persistence by creating an account
  2. B
    An adversary is trying to keep access through persistence using browser extensions
  3. C
    An adversary is trying to keep access through persistence using external remote services
  4. D
    An adversary is trying to keep access through persistence using application skimming

Correct Answer:
A
chatbot-img GPT-4o - Answer
The choice A accurately reflects the approach taken by adversaries who aim to maintain system access over time by creating new accounts, aligning with MITRE's technique T1136. This technique is a common tactic characterized by the establishment of additional user accounts which afford persistent access and potential innovation in bypassing normal authentication and authorization checks later.

Next Questions

All Pages