Create Next App

crowdstrike CCFR_201

Custom view settings

Exam contains 60 questions

Page 8 of 10

Question 43 🔥

Aside from a Process Timeline or Event Search, how do you export process event data from a detection in .CSV format?

Which database solution meets these requirements?

A. You can’t export detailed event data from a detection, you have to use the Process Timeline or an Event Search

Highly voted

B. In Full Detection Details, you expand the nodes of the process tree you wish to expand and then click the "Export Process Events" button

Highly voted

C. In Full Detection Details, you choose the "View Process Activity" option and then export from that view

Highly voted

D. From the Detections Dashboard, you right-click the event type you wish to export and choose CSV, JSON or XML

Highly voted

Discussion of the question

Question 44 🔥

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?

Which database solution meets these requirements?

A. 500

Highly voted

B. 750

Highly voted

C. 1000

Highly voted

D. 1200

Highly voted

Discussion of the question

Question 45 🔥

When looking at the details of a detection, there are two fields called Global Prevalence and Local Prevalence. Which answer best defines Local Prevalence?

Which database solution meets these requirements?

A. Local prevalence is the frequency with which the hash of the triggering file is seen across the entire Internet

Highly voted

B. Local Prevalence tells you how common the hash of the triggering file is within your environment (CID)

Highly voted

C. Local Prevalence is the Virus Total score for the hash of the triggering file

Highly voted

D. Local prevalence is the frequency with which the hash of the triggering file is seen across all CrowdStrike customer environments

Highly voted

Discussion of the question

Question 46 🔥

When analyzing an executable with a global prevalence of common; but you do not know what the executable is, what is the best course of action?

Which database solution meets these requirements?

A. Do nothing, as this file is common and well known

Highly voted

B. From detection, click the VT Hash button to pivot to VirusTotal to investigate further

Highly voted

C. From detection, use API manager to create a custom blocklist

Highly voted

D. From detection, submit to FalconX for deep dive analysis

Highly voted

Discussion of the question

Question 47 🔥

Which of the following is an example of a MITRE ATT&CK tactic?

Which database solution meets these requirements?

C. Emotet

Highly voted

A. Eternal Blue

Highly voted

B. Defense Evasion

Highly voted

D. Phishing

Highly voted

Discussion of the question

Question 48 🔥

What happens when a hash is set to Always Block through IOC Management?

Which database solution meets these requirements?

A. Execution is prevented on all hosts by default

Highly voted

B. Execution is prevented on selected host groups

Highly voted

C. Execution is prevented and detection alerts are suppressed

Highly voted

D. The hash is submitted for approval to be blocked from execution once confirmed by Falcon specialists

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

crowdstrike CCFR_201

Exam contains 60 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us