CCFR-201B Exam Questions
70 real CCFR-201B exam questions with expert-verified answers and explanations. Page 2 of 2.
- Question #51
What is an advantage of using a Process Timeline?
- Question #52
What action is used when you want to save a prevention hash for later use?
- Question #53
You receive an email from a third-party vendor that one of their services is compromised; the vendor names a specific IP address that the compromised service was using. Where would...
- Question #54
You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible proces...
- Question #55
How long are quarantined files stored in the CrowdStrike Cloud?
- Question #56
You are notified by a third party that a program may have redirected traffic to a malicious domain. Which Falcon page will assist you in searching for any domain request informatio...
- Question #57
What information is contained within a Process Timeline?
- Question #58
Sensor Visibility Exclusion patterns are written in which syntax?
- Question #59
In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests, Registry Operations, and Network Operations?
- Question #60
What happens when a quarantined file is released?
- Question #61
Advanced Event Search in Falcon supports a look-back period of up to __________ days depending on the retention policy.
- Question #62
Which two detection filtering options are available in the Endpoint Security > Endpoint Detections page? (Choose two)
- Question #63
What would be a logical next step after identifying an unmanaged host in Host Search?
- Question #64
Which search type should be used to investigate whether a suspicious executable has affected multiple hosts?
- Question #65
When reviewing an internal IP address via IP Search, which fields would help determine potential lateral movement? (Choose two)
- Question #66
What is the default port used by Falcon RTR to establish a connection with a managed host?
- Question #67
Which Falcon feature allows responders to assign specific actions to detections such as "Allow" or "Block and Hide"?
- Question #68
User Search can help correlate suspicious behavior by showing all of the following except:
- Question #69
You're investigating suspicious behavior linked to a user. Which key indicators should you examine in the User Search view to assess the threat context? (Choose two)
- Question #70
When viewing detection information, which component provides granular details like command-line arguments and file paths?