Practice Free CCFR-201b Exam Online Questions
In the context of detection analysis, what does TTP stand for?
- A . Target, Threat, Profile
- B . Tactics, Techniques, and Procedures
- C . Tools, Techniques, and Programs
- D . Threat, Tactics, and Protocols
Which tool is commonly used to analyze suspicious events in a system?
- A . Text editor
- B . Antivirus software
- C . Log management solution
- D . Web browser
In Falcon Event Search, what does a "suspicious behavior" tag on a result typically indicate?
- A . Malware installation
- B . Unusual process execution
- C . File encryption
- D . System reboot
Which step is essential before running Falcon RTR (Real Time Response) commands on an endpoint?
- A . Check the application version
- B . Obtain permission to execute commands
- C . Update the antivirus definitions
- D . Confirm network stability
In the CrowdStrike Falcon event search, which keyword would you use to search for file-related events?
- A . file:
- B . process:
- C . filename:
- D . event.file:
Which of the following tools in CrowdStrike Falcon is best suited for live event monitoring?
- A . Falcon Sandbox
- B . Falcon Live Queries
- C . Falcon Insight
- D . Falcon Historical Search
What role do timestamps play in the Event Search process within CrowdStrike Falcon?
- A . They identify the user responsible for an action
- B . They help to correlate events over time
- C . They determine the severity of an event
- D . They are not used in Event Search
In the Event Search, what operator can you use to exclude specific terms from your search query?
- A . AND
- B . OR
- C . NOT
- D . XOR
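The three Event Search questions above (searching for file-related events, correlating events by timestamp, and excluding terms with NOT) all describe the same small set of operations. The following Python block is an added illustration written for this page, not CrowdStrike code, and it does not use Falcon's real query syntax: it evaluates field:value terms with AND, OR and NOT semantics over a handful of constructed events and then pulls the events that surround a hit on the same host within a time window. The event records, field names (event_type, host, user, process, filename) and values are assumptions chosen to look like endpoint telemetry.

```python
"""Tiny event-search evaluator illustrating the concepts behind the practice
questions: keyword terms, AND/OR/NOT, and timestamp-based correlation.
Added example, not CrowdStrike code; Falcon's actual query language differs."""
from datetime import datetime, timedelta

# Constructed sample events (assumed field names, not real Falcon telemetry).
EVENTS = [
    {"timestamp": "2024-05-01T10:00:00Z", "event_type": "ProcessRollup2",
     "host": "WS01", "user": "alice", "process": "winword.exe"},
    {"timestamp": "2024-05-01T10:00:05Z", "event_type": "ProcessRollup2",
     "host": "WS01", "user": "alice", "process": "powershell.exe"},
    {"timestamp": "2024-05-01T10:00:09Z", "event_type": "FileWritten",
     "host": "WS01", "user": "alice", "process": "powershell.exe", "filename": "update.exe"},
    {"timestamp": "2024-05-01T10:30:00Z", "event_type": "FileWritten",
     "host": "WS02", "user": "svc_backup", "process": "backup.exe", "filename": "db.bak"},
    {"timestamp": "2024-05-01T10:31:00Z", "event_type": "ProcessRollup2",
     "host": "WS02", "user": "svc_backup", "process": "backup.exe"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def matches(event, all_of=(), any_of=(), exclude=()):
    """Evaluate field:value terms against one event.

    all_of  - every term must match (AND)
    any_of  - at least one term must match if any are given (OR)
    exclude - no term may match (NOT)
    Comparison is case-insensitive on the field's string value.
    """
    def hit(term):
        field, _, value = term.partition(":")
        return str(event.get(field, "")).lower() == value.lower()

    return (all(hit(t) for t in all_of)
            and (not any_of or any(hit(t) for t in any_of))
            and not any(hit(t) for t in exclude))


def search(events, all_of=(), any_of=(), exclude=()):
    """Return matching events ordered by timestamp (ISO strings sort correctly)."""
    hits = [e for e in events if matches(e, all_of, any_of, exclude)]
    return sorted(hits, key=lambda e: e["timestamp"])


def correlate(events, seed, window_seconds, same=("host",)):
    """Timestamp correlation: events sharing the `same` fields with the seed
    and falling within +/- window_seconds of it, ordered by time. This is how
    a responder reconstructs what ran before and after a suspicious write."""
    t0 = parse_ts(seed["timestamp"])
    window = timedelta(seconds=window_seconds)
    related = [e for e in events
               if all(e.get(k) == seed.get(k) for k in same)
               and abs(parse_ts(e["timestamp"]) - t0) <= window]
    return sorted(related, key=lambda e: e["timestamp"])


if __name__ == "__main__":
    # File-related events, excluding the known backup service account.
    writes = search(EVENTS, all_of=["event_type:FileWritten"], exclude=["user:svc_backup"])
    for w in writes:
        print("file write:", w["filename"], "by", w["process"], "on", w["host"])
        # Pull the surrounding 30 seconds on the same host to see the parent chain.
        for e in correlate(EVENTS, w, 30):
            print("  ", e["timestamp"], e["event_type"], e["process"])
```

Running the block as a script prints the single non-backup file write and the winword.exe to powershell.exe chain that preceded it on WS01; widening or narrowing the correlation window changes how much of that chain is returned, which is the practical reason timestamps matter in event search.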
What is the primary purpose of event investigation in cybersecurity?
- A . To identify and respond to threats
- B . To install security software
- C . To configure firewalls
- D . To perform software updates
Which of the following actions can be performed directly from the search tool interface in Falcon?
- A . Engage with support
- B . Manage user roles
- C . Download event data
- D . Change account settings