Practice Free CCFR-201b Exam Online Questions

Which scenario justifies using Host Timeline over Process Timeline?
- A. Investigating a single parent process only
- B. Correlating telemetry from one process
- C. Reviewing endpoint-wide events across all users
- D. Capturing web traffic behavior

Which Falcon capability provides managed threat hunting and analysis of recent security events?
- A. Falcon Insights
- B. Falcon Prevent
- C. Falcon OverWatch
- D. Falcon Device Control

Which of the following contextual data is NOT typically included in a Falcon detection?
- A. Domain names
- B. IP addresses
- C. Disk usage metrics
- D. File hashes

Which situation would make the use of Falcon RTR particularly important?
- A. Initial deployment of a new system
- B. Responding to a confirmed breach or threat
- C. Conducting a periodic security review
- D. Implementing new software

Which tool would you use to investigate whether a domain is associated with malicious activity?
- A. Bulk Domain Search
- B. Host Timeline
- C. Process Explorer
- D. IOC Manager

Which three types of visualizations are available for process analysis in Falcon? (Choose three)
- A. View as Process Tree
- B. View as Host Map
- C. View as Process Table
- D. View as Process Activity

What is the primary purpose of the Falcon Query Language (FQL)?
- A. To write scripts for automation
- B. To generate reports
- C. To search and filter data from endpoint logs
- D. To communicate with support

How can Falcon RTR help in responding to an indicator of compromise (IOC)?
- A. It provides a list of all software updates
- B. It allows you to search for file hashes
- C. It enables real-time actions like isolating an endpoint
- D. It automatically patches vulnerabilities

What is the maximum default timeframe available for historical event searches in CrowdStrike Falcon?
- A. 30 days
- B. 60 days
- C. 90 days
- D. 180 days

Which of the following use cases best justifies using the Bulk Domain Search tool?
- A. Investigating a failed login
- B. Searching across domains used by phishing campaigns
- C. Reviewing endpoint configuration
- D. Listing sensor versions by hostname
