CrowdStrike - Celebrate 2025 with Discount Offer - Ends In 1d 00h 00m 00s Coupon code: Y2530OFF
  1. Home
  2. CrowdStrike
  3. CCFR-201 Dumps
  4. Free CCFR-201 Questions

Free Practice Questions for CrowdStrike CCFR-201 Exam

Pass4Future also provide interactive practice exam software for preparing CrowdStrike Certified Falcon Responder (CCFR-201) Exam effectively. You are welcome to explore sample free CrowdStrike CCFR-201 Exam questions below and also try CrowdStrike CCFR-201 Exam practice test software.

Page:    1 / 14   
Total 60 questions

Question 1

In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests. Registry Operations, and Network Operations?



Answer : D

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Full Detection Details tool allows you to view detailed information about a detection, such as detection ID, severity, tactic, technique, description, etc1.You can also view the events generated by the processes involved in the detection in different ways, such as process tree, process timeline, or process activity1.The process activity view provides a rows-and-columns style view of the events, such as DNS requests, registry operations, network operations, etc1.You can also export this view to a CSV file for further analysis1.


Question 2

You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?



Answer : B

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Hash Execution Search tool allows you to search for one or more SHA256 hashes and view a summary of information from Falcon events that contain those hashes1.The summary includes the hostname, sensor ID, OS, country, city, ISP, ASN, and geolocation of the host that loaded or executed those hashes1.You can also see a count of detections and incidents related to those hashes1.


Question 3

What information is contained within a Process Timeline?



Answer : A

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Process Timeline tool allows you to view all cloudable events associated with a given process, such as process creation, network connections, file writes, registry modifications, etc1.You can specify a timeframe to limit the events to a certain period1.The tool works for any host platform, not just Mac or Linux1.


Question 4

Which of the following is NOT a filter available on the Detections page?



Answer : D

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, the Detections page allows you to view and manage detections generated by the CrowdStrike Falcon platform2.You can use various filters to narrow down the detections based on criteria such as severity, CrowdScore, time, tactic, technique, etc2.However, there is no filter for triggering file, which is the file that caused the detection2.


Question 5

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?



Answer : C

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, the Falcon platform will show a maximum of 1000 detections per day for a single AID1.This is a limit imposed by the Falcon API, which is used to retrieve the detections from the CrowdStrike Cloud1.If there are more than 1000 detections per day for a single AID, only the first 1000 will be shown1.


Page:    1 / 14   
Total 60 questions