Practice Free CCFR-201b Exam Online Questions
In Falcon RTR, which command can be used to gather evidence from a remote endpoint?
- A. Run
- B. Collect
- C. Snapshot
- D. Investigate

In the Event Search, what format can results be exported in?
- A. CSV
- B. JSON
- C. XML
- D. All of the above

Which of the following factors can hinder effective detection analysis?
- A. High-quality data sources
- B. Skilled analysts
- C. Poor configuration of detection tools
- D. Regular updates to detection rules

When using Falcon Search, what should you do to refine your search results further?
- A. Add additional keyword filters
- B. Change the time zone
- C. Use the same keywords repeatedly
- D. Limit your actions to just one endpoint

Which of the following operators can be used in a search query to exclude certain terms?
- A. +
- B. -
- C. *
- D. /

What kind of information can you retrieve in an event search?
- A. Malware signatures
- B. User login history
- C. Device network configurations
- D. Event details including timestamps, severity, and action taken

Which type of information is crucial when documenting an incident during an investigation?
- A. Social media accounts of affected users
- B. Timeline of events
- C. Employee performance reviews
- D. Software installation dates

What type of data does CrowdStrike Falcon primarily use for detection analysis?
- A. Network traffic data
- B. Endpoint activity data
- C. Cloud service logs
- D. Email metadata

What is the significance of identifying the "root cause" of an incident?
- A. It helps in creating a public relations plan
- B. It allows for proper system upgrades
- C. It aids in preventing future incidents
- D. It increases employee engagement

During an investigation, why is it important to correlate data from multiple sources?
- A. To reduce false positives
- B. To simplify the investigation process
- C. To increase data redundancy
- D. To enhance user experience