Back

Practice Free CCFR-201b Exam Online Questions

Question #31

In the context of event investigation, what role does ‘forensic analysis’ play?

  • A . It focuses on improving team communication
  • B . It analyzes the financial impact of an incident
  • C . It helps in recovering lost data
  • D . It examines evidence to determine what happened

Reveal Solution Hide Solution

Correct Answer: D
Question #32

What is the maximum timeframe you can search in CrowdStrike Falcon for historical event data?

  • A . 30 days
  • B . 60 days
  • C . 90 days
  • D . 180 days

Reveal Solution Hide Solution

Correct Answer: C
Question #33

Which of the following components is not part of the MITRE ATT&CK® Framework?

  • A . Techniques
  • B . Procedures
  • C . Threat actors
  • D . Policies

Reveal Solution Hide Solution

Correct Answer: D
Question #34

Which of the following best describes the ‘Initial Access’ tactic in the MITRE ATT&CK® Framework?

  • A . The methods adversaries use to maintain access to a target
  • B . The methods adversaries use to gain execution on a target
  • C . The techniques used for developing and deploying malware
  • D . The techniques adversaries use to enter a network or system

Reveal Solution Hide Solution

Correct Answer: D
Question #35

What is the primary purpose of the MITRE ATT&CK® Framework?

  • A . To provide an open-source software tool for incident response
  • B . To document techniques and tactics used by adversaries
  • C . To offer a web-based interface for threat intelligence sharing
  • D . To serve as a repository for malware samples

Reveal Solution Hide Solution

Correct Answer: B
Question #36

Which command in Falcon RTR can you use to gather system information from an endpoint?

  • A . ps
  • B . fetch
  • C . get_system_info
  • D . ipconfig

Reveal Solution Hide Solution

Correct Answer: C
Question #37

Which language is primarily used for writing custom queries within CrowdStrike Falcon?

  • A . SQL
  • B . Python
  • C . Falcon Query Language (FQL)
  • D . JavaScript

Reveal Solution Hide Solution

Correct Answer: C
Question #38

What is the maximum number of endpoints that can be included in a single RTR session?

  • A . 5
  • B . 10
  • C . 50
  • D . Unlimited

Reveal Solution Hide Solution

Correct Answer: D
Question #39

Which of the following describes the "Live Terminal" feature in Falcon RTR?

  • A . A way to visualize network traffic live
  • B . A command-line interface for interacting with an endpoint in real-time
  • C . A platform for developing applications
  • D . A dashboard for creating reports

Reveal Solution Hide Solution

Correct Answer: B
Question #40

Which event type is NOT searchable in CrowdStrike Falcon?

  • A . Process creation
  • B . Process termination
  • C . File delete
  • D . User login

Reveal Solution Hide Solution

Correct Answer: C