Practice Free CCFR-201b Exam Online Questions
The __________ feature helps determine if a file hash has been observed in other detections across multiple hosts.
- A . Process Explorer
- B . IOC Management
- C . Hash Search
- D . Host Timeline
Which of the following is returned from the IP Search tool?
- A . IP Summary information from Falcon events containing the given IP
- B . Threat Graph Data for the given IP from Falcon sensors
- C . Unmanaged host data from system ARP tables for the given IP
- D . IP Detection Summary information for detection events containing the given IP
A
Explanation:
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the IP Search tool takes a single IP address and returns a summary built from Falcon sensor events that contain that address. The summary lists the managed hosts that communicated with the IP (hostname, sensor ID, OS) alongside context for the address itself (country, city, ISP, ASN and geolocation). It is a roll-up of sensor telemetry, not Threat Graph data (B) or ARP-derived unmanaged-host data (C), and it covers all Falcon events that mention the IP rather than only detection events (D).
Which of the following is a key capability provided by Falcon Real Time Response (RTR)?
- A . Behavioral analytics for unmanaged endpoints
- B . Remote script execution for incident remediation
- C . Role-based access control for cloud user groups
- D . Sensor update automation for multiple hosts
You are notified by a third-party that a program may have redirected traffic to a malicious domain.
Which Falcon page will assist you in searching for any domain request information related to this notice?
- A . Falcon X
- B . Investigate
- C . Discover
- D . Spotlight
B
Explanation:
According to the CrowdStrike website, the Investigate page is where you search and analyze the data the Falcon platform collects: events, hosts, processes, hashes, domains, IPs and so on. Its tools (Event Search, Host Search, Process Timeline, Hash Search, Bulk Domain Search and others) each answer a different question about that data. For a third-party notice about a malicious domain, the Bulk Domain Search tool shows which hosts and processes communicated with the domain, and Event Search lets you query the DNS Request (DnsRequest) events that contain it for the details of each query and response. The other options are different modules: Falcon X is threat intelligence, Discover is asset and application inventory, and Spotlight is vulnerability management; none of them is where domain request telemetry is searched.
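The pivot the two explanations above describe (IP Search and domain search: find the events that carry an indicator, join them to the responsible process, and roll the result up per host) is shown here as an added Python example. It is not code from the page or from CrowdStrike. The field names (event_simpleName, aid, ComputerName, DnsRequest/DomainName, NetworkConnectIP4/RemoteAddressIP4, ProcessRollup2/TargetProcessId, ContextProcessId) follow Falcon's event naming; the records themselves are constructed sample data, and the join key and subdomain-matching rule are this example's assumptions.

```python
"""Pivot from a network indicator to the hosts and processes that touched it.

Added example, not CrowdStrike code. Field names mimic Falcon sensor events;
the records in SAMPLE_EVENTS are constructed, not a real capture.
"""
import ipaddress
from collections import defaultdict

# Constructed sample events (assumption: Falcon-style field names, invented values).
SAMPLE_EVENTS = [
    {"event_simpleName": "ProcessRollup2", "aid": "a1", "ComputerName": "WKSTN-01",
     "TargetProcessId": "4001",
     "ImageFileName": "\\Device\\HarddiskVolume1\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe C:\\Users\\Public\\upd.dll,Start"},
    {"event_simpleName": "DnsRequest", "aid": "a1", "ComputerName": "WKSTN-01",
     "ContextProcessId": "4001", "DomainName": "cdn.evil-updates.example",
     "timestamp": "2024-05-01T10:00:01Z"},
    {"event_simpleName": "NetworkConnectIP4", "aid": "a1", "ComputerName": "WKSTN-01",
     "ContextProcessId": "4001", "RemoteAddressIP4": "203.0.113.7", "RemotePort": 443,
     "timestamp": "2024-05-01T10:00:02Z"},
    {"event_simpleName": "ProcessRollup2", "aid": "a2", "ComputerName": "SRV-02",
     "TargetProcessId": "512",
     "ImageFileName": "\\Device\\HarddiskVolume2\\Program Files\\Mozilla Firefox\\firefox.exe",
     "CommandLine": "firefox.exe"},
    {"event_simpleName": "DnsRequest", "aid": "a2", "ComputerName": "SRV-02",
     "ContextProcessId": "512", "DomainName": "www.example.com",
     "timestamp": "2024-05-01T10:05:00Z"},
    {"event_simpleName": "DnsRequest", "aid": "a2", "ComputerName": "SRV-02",
     "ContextProcessId": "512", "DomainName": "EVIL-UPDATES.EXAMPLE",
     "timestamp": "2024-05-01T10:06:00Z"},
]


def is_ip(indicator):
    """Decide which event type to search: an IP goes to network events, else DNS."""
    try:
        ipaddress.ip_address(indicator)
        return True
    except ValueError:
        return False


def domain_matches(observed, indicator):
    """Case-insensitive match on the domain itself or any subdomain of it."""
    o, i = observed.lower().rstrip("."), indicator.lower().rstrip(".")
    return o == i or o.endswith("." + i)


def indicator_events(events, indicator):
    """Events that carry the indicator: NetworkConnectIP4 for IPs, DnsRequest for domains."""
    if is_ip(indicator):
        return [e for e in events if e.get("event_simpleName") == "NetworkConnectIP4"
                and e.get("RemoteAddressIP4") == indicator]
    return [e for e in events if e.get("event_simpleName") == "DnsRequest"
            and domain_matches(e.get("DomainName", ""), indicator)]


def process_index(events):
    """(aid, TargetProcessId) -> ProcessRollup2; other events point at it via ContextProcessId."""
    return {(e["aid"], e["TargetProcessId"]): e
            for e in events if e.get("event_simpleName") == "ProcessRollup2"}


def pivot(events, indicator):
    """One row per matching event, joined to the process that generated it."""
    procs = process_index(events)
    rows = []
    for e in indicator_events(events, indicator):
        p = procs.get((e["aid"], e.get("ContextProcessId")), {})
        rows.append({
            "host": e.get("ComputerName"), "aid": e["aid"],
            "event": e["event_simpleName"],
            "value": e.get("DomainName") or e.get("RemoteAddressIP4"),
            "image": p.get("ImageFileName", "<process not in search window>"),
            "command_line": p.get("CommandLine", ""),
            "time": e.get("timestamp"),
        })
    return rows


def summarize(events, indicator):
    """Per-host roll-up in the spirit of the IP/domain search summary."""
    by_host = defaultdict(list)
    for r in pivot(events, indicator):
        by_host[r["host"]].append(r)
    return {h: {"aid": rs[0]["aid"], "events": len(rs),
                "processes": sorted({r["image"].rsplit("\\", 1)[-1] for r in rs})}
            for h, rs in by_host.items()}


if __name__ == "__main__":
    for ioc in ("evil-updates.example", "203.0.113.7"):
        print(ioc, summarize(SAMPLE_EVENTS, ioc))
```

The join is on (aid, process ID) because process IDs are only unique per host; matching the domain on its suffix catches subdomains that a sensor logs in whatever case the client used, which is how a notice about `evil-updates.example` still finds the `cdn.` lookup above.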
Which of the following is NOT a category within the MITRE ATT&CK® Framework?
- A . Initial Access
- B . Execution
- C . Detonation
- D . Impact
Which of the following describes the "Live Terminal" feature in Falcon RTR?
- A . A way to visualize network traffic live
- B . A command-line interface for interacting with an endpoint in real-time
- C . A platform for developing applications
- D . A dashboard for creating reports
Which of the following search filters can be applied in Falcon to narrow down results?
- A . Time Range
- B . Usernames
- C . Event Types
- D . All of the above
Sensor Visibility Exclusion patterns are written in which syntax?
- A . Glob Syntax
- B . Kleene Star Syntax
- C . RegEx
- D . SPL(Splunk)
A
Explanation:
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, Sensor Visibility Exclusions stop the sensor from monitoring the files or directories they name, which reduces the data sent to the CrowdStrike Cloud and the sensor's load on hosts that run trusted, I/O-heavy software. The patterns are written in glob syntax, a simple pattern-matching syntax with wildcards such as * (any run of characters) and ? (a single character); they are not regular expressions, so a "." in a pattern is literal. Because an excluded path is invisible to the sensor, it produces no events and therefore no detections or preventions, so patterns should be anchored to a full path (for example, an illustrative C:\Program Files\VendorApp\*.exe) rather than written as a bare *.exe, which would exclude every executable on every host the policy applies to.
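As an added example (not from the page or from CrowdStrike), a small Python linter for proposed exclusion patterns: it translates glob wildcards into a regex so you can see that "." stays literal, measures how much literal path anchors each pattern, and tests whether the pattern would also hide files in attacker-writable drop locations. The candidate patterns and probe paths are constructed, and the assumption that * may span directory separators is this example's; Falcon's exact wildcard semantics are defined by CrowdStrike's documentation, so treat the matcher as an approximation for review, not as the sensor's behaviour.

```python
"""Sanity-check proposed Sensor Visibility Exclusion patterns before rollout.

Added example, not CrowdStrike code. Assumes glob-style patterns ('*', '?')
and that '*' may span path separators; verify against CrowdStrike's docs.
"""
import re

# Constructed candidate exclusions for review (assumed examples, not real policy).
CANDIDATES = [
    r"C:\Program Files\VendorBackup\*.exe",  # narrow: one vendor directory
    r"*.exe",                                # every executable, everywhere
    r"C:\Users\*",                           # every user profile
    r"C:\*",                                 # entire system volume
    "/opt/db/data/*.db",                     # narrow: database files only
]

# Constructed paths in attacker-writable locations; an exclusion that matches
# any of these would hide a payload dropped there from the sensor.
DROP_PROBES = [
    r"C:\Users\Public\upd.exe",
    r"C:\Windows\Temp\payload.exe",
    "/tmp/x.sh",
]


def glob_to_regex(pattern):
    """Translate a glob into a regex: '*' and '?' are wildcards, everything
    else (including '.') is escaped and therefore literal."""
    out = []
    for ch in pattern:
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
    return "^" + "".join(out) + "$"


def matches(pattern, path):
    """Case-insensitive, since Windows paths are."""
    return re.match(glob_to_regex(pattern), path, re.IGNORECASE) is not None


def literal_prefix(pattern):
    """The text before the first wildcard is all that anchors the exclusion."""
    cut = len(pattern)
    for wc in "*?":
        pos = pattern.find(wc)
        if pos != -1:
            cut = min(cut, pos)
    return pattern[:cut]


def lint(pattern, probes=DROP_PROBES):
    """Return findings for one pattern; an empty list means nothing obvious."""
    findings = []
    prefix = literal_prefix(pattern)
    segments = [s for s in re.split(r"[\\/]", prefix) if s]
    if not prefix:
        findings.append("unanchored: no literal path before the first wildcard")
    elif len(segments) < 2:
        findings.append("anchored only at a volume or filesystem root")
    hidden = [p for p in probes if matches(pattern, p)]
    if hidden:
        findings.append("would hide files in: " + ", ".join(hidden))
    return findings


def review(patterns=CANDIDATES):
    """Map each candidate pattern to its findings."""
    return {p: lint(p) for p in patterns}


if __name__ == "__main__":
    for pattern, findings in review().items():
        print(("WARN " if findings else "OK   ") + pattern)
        for f in findings:
            print("      - " + f)
```

Run it before committing an exclusion policy: the two narrow patterns pass, while `*.exe`, `C:\Users\*` and `C:\*` are flagged because they would also blind the sensor to the public profile and Windows temp directories that droppers favour.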
Which two detection filtering options are available in the Endpoint Security > Endpoint Detections page? (Choose two)
- A . Threat actor
- B . Tactic
- C . Host group
- D . Command hash
Which two Falcon features help visualize detections over time? (Choose two)
- A . Full Detection View
- B . Activity Dashboard
- C . Process Timeline
- D . Host Management Console
