Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home CrowdStrike CCFR-201

CrowdStrike CCFR-201 Exam Practice Questions (P. 2)

  • Full Access (60 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #6
When you configure and apply an IOA exclusion, what impact does it have on the host and what you see in the console?
  1. A
    The process specified is not sent to the Falcon Sandbox for analysis
  2. B
    The associated detection will be suppressed and the associated process would have been allowed to run
  3. C
    The sensor will stop sending events from the process specified in the regex pattern
  4. D
    The associated IOA will still generate a detection but the associated process would have been allowed to run

Correct Answer:
B
chatbot-img GPT-4o - Answer
When you set up an IOA (Indicator of Attack) exclusion in CrowdStrike Falcon, this action effectively suppresses the associated detection notifications and also allows the specified processes to run. This setting is crucial when you are dealing with false positives, or trusted applications that behave in a way which might normally trigger a detection. Exclusions help tailor Falcon's monitoring to better fit the context of your environment without compromising on necessary alerts.

Question #7
What are Event Actions?
  1. A
    Automated searches that can be used to pivot between related events and searches
  2. B
    Pivotable hyperlinks available in a Host Search
  3. C
    Custom event data queries bookmarked by the currently signed in Falcon user
  4. D
    Raw Falcon event data

Correct Answer:
B
chatbot-img GPT-4o - Answer
Great going! Event Actions in CrowdStrike terminology are indeed pivotable hyperlinks located within a Host Search. These hyperlinks are particularly useful because they allow users to navigate between events seamlessly, facilitating deeper investigations and quicker analyses. Even though some argue that Event Actions can pivot from an Event Search, as indicated by other resources, the primary association with Host Search is what we focus on for understanding the correct application in this context.

Question #8
Where are quarantined files stored on Windows hosts?
  1. A
    Windows\Quarantine
  2. B
    Windows\System32\Drivers\CrowdStrike\Quarantine
  3. C
    Windows\System32\
  4. D
    Windows\temp\Drivers\CrowdStrike\Quarantine

Correct Answer:
B
chatbot-img GPT-4o - Answer
In CrowdStrike environments, when files are flagged and quarantined by the system for security purposes, they're specifically stored in the "Windows\System32\Drivers\CrowdStrike\Quarantine" directory. This designated quarantine path ensures isolated storage, minimizing the risk of malicious file execution while retaining the files for further analysis or restoration if needed.

Question #9
How long does detection data remain in the CrowdStrike Cloud before purging begins?
  1. A
    90 Days
  2. B
    45 Days
  3. C
    30 Days
  4. D
    14 Days

Correct Answer:
A
chatbot-img GPT-4o - Answer
Absolutely on point—CrowdStrike indeed retains detection data in the cloud for a period of 90 days before it's scheduled for purging. This comprehensive span allows ample time for a thorough analysis and investigation of any detected threats. Remember, data on the host side is kept for a shorter duration, specifically 30 days, making cloud storage even more critical for ongoing security assessments.

Question #10
What is an advantage of using a Process Timeline?
  1. A
    Process related events can be filtered to display specific event types
  2. B
    Suspicious processes are color-coded based on their frequency and legitimacy over time
  3. C
    Processes responsible for spikes in CPU performance are displayed over time
  4. D
    A visual representation of Parent-Child and Sibling process relationships is provided

Correct Answer:
D
chatbot-img GPT-4o - Answer
The choice of using a Process Timeline primarily offers the advantage of providing a visual representation of Parent-Child and Sibling process relationships. This kind of visualization is especially beneficial for analysts as it allows them to see how processes interact with one another, how they were started, and the hierarchy of processes, which is crucial for a clear contextual understanding during an investigation of suspicious activities. This helps in tracing back the root and the sequence of events leading to an issue.

Previous Questions Next Questions

All Pages