Practice Free CCFR-201b Exam Online Questions
In Falcon RTR, what is the purpose of the 'upload' command?
- A. To send malware to the endpoint
- B. To pull files from the incident data
- C. To move selected files to a secure location
- D. To share data with third-party tools
In CrowdStrike Falcon, what type of search can you perform to identify anomalies in user account activities?
- A. Regular search
- B. Alert search
- C. Anomaly search
- D. Event search
Which tool can be used to analyze recent security events in the Falcon platform?
- A. Falcon Insight
- B. Falcon Prevent
- C. Falcon OverWatch
- D. Falcon Device Control
Which of the following steps should be taken last in an event investigation process?
- A. Collect evidence
- B. Analyze the evidence
- C. Remediate the incident
- D. Document findings
What is a recommended practice when collecting evidence during an event investigation?
- A. Collecting evidence freely without documentation
- B. Following a structured evidence collection process
- C. Only focusing on certain systems
- D. Discarding temporary files
What type of threat is characterized by an attacker gaining unauthorized access to a system and maintaining a presence?
- A. DDoS attack
- B. Insider threat
- C. Advanced Persistent Threat (APT)
- D. Phishing attack
In the context of event investigation, what does the term "root cause analysis" refer to?
- A. The process of reinstalling software
- B. Identifying the underlying reason for an issue
- C. Updating systems to mitigate vulnerabilities
- D. Backing up data before an incident
When analyzing events in CrowdStrike Falcon, which data type is most commonly used to understand user interactions?
- A. System logs
- B. Process activity logs
- C. Network traffic logs
- D. Application logs
Which of the following is NOT a tactic in the MITRE ATT&CK® Framework?
- A. Lateral Movement
- B. Collection
- C. Exposure
- D. Command and Control
In CrowdStrike Falcon, what does the term "Event Search" primarily refer to?
- A. Searching through user activities only
- B. Finding specific security-related events in collected telemetry
- C. Analyzing performance metrics
- D. Generating system reports