CrowdStrike CCFR-201 - CrowdStrike Certified Falcon Responder Exam

Page:    1 / 12   
Total 60 questions

Where can you find hosts that are in Reduced Functionality Mode?

  • A. Event Search
  • B. Executive Summary dashboard
  • C. Host Search
  • D. Installation Tokens


Answer : C

When reviewing a Host Timeline, which of the following filters is available?

  • A. Severity
  • B. Event Types
  • C. User Name
  • D. Detection ID


Answer : B

How does a DNSRequest event link to its responsible process?

  • A. Via both its ContextProcessId_decimal and ParentProcessId_decimal fields
  • B. Via its ParentProcessId_decimal field
  • C. Via its ContextProcessId_decimal field
  • D. Via its TargetProcessId_decimal field


Answer : C

What information does the MITRE ATT&CK Framework provide?

  • A. It provides best practices for different cybersecurity domains, such as Identity and Access Management
  • B. It provides a step-by-step cyber incident response strategy
  • C. It provides the phases of an adversary's lifecycle, the platforms they are known to attack, and the specific methods they use
  • D. It is a system that attributes attack techniques to a specific threat actor


Answer : C

Within the MITRE-Based Falcon Detections Framework, what is the correct way to interpret Keep Access > Persistence > Create Account?

  • A. An adversary is trying to keep access through persistence by creating an account
  • B. An adversary is trying to keep access through persistence using browser extensions
  • C. An adversary is trying to keep access through persistence using external remote services
  • D. An adversary is trying to keep access through persistence using application skimming


Answer : A