Create Next App

crowdstrike CCFR_201

Custom view settings

Exam contains 60 questions

Page 6 of 10

Question 31 🔥

What is the difference between Managed and Unmanaged Neighbors in the Falcon console?

Which database solution meets these requirements?

A. A managed neighbor is currently network contained and an unmanaged neighbor is uncontained

Highly voted

B. A managed neighbor has an installed and provisioned sensor

Highly voted

C. An unmanaged neighbor is in a segmented area of the network

Highly voted

D. A managed sensor has an active prevention policy

Highly voted

Discussion of the question

Question 32 🔥

What is an advantage of using the IP Search tool?

Which database solution meets these requirements?

A. IP searches provide manufacture and timezone data that can not be accessed anywhere else

Highly voted

B. IP searches allow for multiple comma separated IPv6 addresses as input

Highly voted

C. IP searches offer shortcuts to launch response actions and network containment on target hosts

Highly voted

D. IP searches provide host, process, and organizational unit data without the need to write a query

Highly voted

Discussion of the question

Question 33 🔥

What happens when you open the full detection details?

Which database solution meets these requirements?

A. The process explorer opens and the detection is removed from the console

Highly voted

B. The process explorer opens and you’re able to view the processes and process relationships

Highly voted

C. The process explorer opens and the detection copies to the clipboard

Highly voted

D. The process explorer opens and the Event Search query is run for the detection

Highly voted

Discussion of the question

Question 34 🔥

After pivoting to an event search from a detection, you locate the ProcessRollup2 event. Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?

Which database solution meets these requirements?

A. SHA256 and TargetProcessId_decimal

Highly voted

B. SHA256 and ParentProcessId_decimal

Highly voted

C. aid and ParentProcessId_decimal

Highly voted

D. aid and TargetProcessId_decimal

Highly voted

Discussion of the question

Question 35 🔥

Which of the following is NOT a valid event type?

Which database solution meets these requirements?

A. StartofProcess

Highly voted

B. EndofProcess

Highly voted

C. ProcessRollup2

Highly voted

D. DnsRequest

Highly voted

Discussion of the question

Question 36 🔥

When examining raw event data, what is the purpose of the field called ParentProcessId_decimal?

Which database solution meets these requirements?

A. It contains an internal value not useful for an investigation

Highly voted

B. It contains the TargetProcessId_decimal value of the child process

Highly voted

C. It contains the SensorId_decimal value for related events

Highly voted

D. It contains the TargetProcessId_decimal of the parent process

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

crowdstrike CCFR_201

Exam contains 60 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us