Most Recent CrowdStrike CCFR-201 Exam Questions & Answers

Prepare for the CrowdStrike Certified Falcon Responder exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the CrowdStrike CCFR-201 exam and achieve success.

The questions for CCFR-201 were last updated on Nov 18, 2024.

Viewing page 1 out of 12 pages.
Viewing questions 1-5 out of 60 questions

Get All 60 Questions & Answers

Question No. 1

What happens when a hash is allowlisted?

AExecution is prevented, but detection alerts are suppressed

BExecution is allowed on all hosts, including all other Falcon customers

CThe hash is submitted for approval to be allowed to execute once confirmed by Falcon specialists

DExecution is allowed on all hosts that fall under the organization's CID

Show Answer

Correct Answer: D

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, the allowlist feature allows you to exclude files or directories from being scanned or blocked by CrowdStrike's machine learning engine or indicators of attack (IOAs)2.This can reduce false positives and improve performance2.When you allowlist a hash, you are allowing that file to execute on any host that belongs to your organization's CID (customer ID)2.This does not affect other Falcon customers or hosts outside your CID2.

Question No. 2

In the Hash Search tool, which of the following is listed under Process Executions?

AOperating System

BFile Signature

CCommand Line

DSensor Version

Show Answer

Correct Answer: C

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Hash Search tool allows you to search for one or more SHA256 hashes and view a summary of information from Falcon events that contain those hashes1.The summary includes the hostname, sensor ID, OS, country, city, ISP, ASN, geolocation, process name, command line, and organizational unit of the host that loaded or executed those hashes1.You can also see a count of detections and incidents related to those hashes1.Under Process Executions, you can see the process name and command line for each hash execution1.

Question No. 3

Which of the following is NOT a valid event type?

AStartofProcess

BEndofProcess

CProcessRollup2

DDnsRequest

Show Answer

Correct Answer: B

According to the [CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+], event types are categories of events that are generated by the sensor for various activities, such as process executions, file writes, registry modifications, network connections, etc. There are many valid event types, such as StartOfProcess, ProcessRollup2, DnsRequest, etc. However, EndOfProcess is not a valid event type, as there is no such event that records the end of a process.

Question No. 4

Which of the following is returned from the IP Search tool?

AIP Summary information from Falcon events containing the given IP

BThreat Graph Data for the given IP from Falcon sensors

CUnmanaged host data from system ARP tables for the given IP D. IP Detection Summary information for detection events containing the given IP

Show Answer

Correct Answer: A

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the IP Search tool allows you to search for an IP address and view a summary of information from Falcon events that contain that IP address1.The summary includes the hostname, sensor ID, OS, country, city, ISP, ASN, and geolocation of the host that communicated with that IP address1.

Question No. 5

How long are quarantined files stored in the CrowdStrike Cloud?

A45 Days

B90 Days

CDays

DQuarantined files are not deleted

Show Answer

Correct Answer: B

According to the [CrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide], when you quarantine a file from a host using IOC Management or Real Time Response (RTR), you are moving it from its original location to a secure location on the host where it cannot be executed. The file is also encrypted and renamed with a random string of characters. A copy of the file is also uploaded to the CrowdStrike Cloud for further analysis. Quarantined files are stored in the CrowdStrike Cloud for 90 days before they are deleted.

Unlock All Questions for CrowdStrike CCFR-201 Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 60 Questions & Answers