Practice Free CCFR-201b Exam Online Questions
What information can you view about an endpoint in Falcon RTR during a live session?
- A. Network configuration
- B. File system layout
- C. Active user sessions
- D. All of the above

What is the primary purpose of Falcon Real Time Response (RTR)?
- A. To analyze historical incident data
- B. To provide real-time remote engineering capabilities
- C. To manage user access and permissions
- D. To monitor network traffic

Which of the following is a key step in the event investigation process?
- A. Ignoring system alerts
- B. Collecting and preserving evidence
- C. Rebooting affected systems
- D. Documenting marketing strategies

What is the default time range when initiating an event search in CrowdStrike Falcon?
- A. Last 24 hours
- B. Last 7 days
- C. All time
- D. Last 30 days

What is a key benefit of using Falcon RTR over traditional incident response methods?
- A. It requires less training
- B. It provides physical access to the endpoint
- C. It enables immediate response without needing to deploy agents
- D. It operates without internet connectivity

In the MITRE ATT&CK® Framework, what does the tactic “Credential Access” involve?
- A. Gaining access to a target system
- B. Harvesting account names and passwords
- C. Escalating privileges within the system
- D. Establishing persistence

Which format does the MITRE ATT&CK® Framework provide for sharing its information?
- A. JSON, XML, and CSV
- B. PDF and PowerPoint presentations
- C. Markdown and HTML
- D. Excel spreadsheets and Word documents

What is the main advantage of using the MITRE ATT&CK® Framework for threat hunting?
- A. It provides a list of every possible technical solution.
- B. It enables a focused approach based on real-world attack patterns.
- C. It guarantees successful incident response.
- D. It eliminates all cybersecurity risks.

When executing a command within Falcon RTR, what is the expected behavior for long-running processes?
- A. They will time out immediately
- B. They will continue running until the endpoint is rebooted
- C. They will be interrupted
- D. The command will run in the background

Which of the following is a key benefit of using a cloud-based detection solution like CrowdStrike?
- A. Increased hardware costs
- B. Dependency on local storage
- C. Real-time visibility and updates
- D. Manual software installations