Practice Free CCFR-201b Exam Online Questions
What is the benefit of using the "Advanced Search" feature in the Event Search module?
- A. It allows for free-text searches only
- B. It streamlines queries using pre-defined templates
- C. It enables more complex filtering and querying
- D. It restricts results to specific time frames only
In the context of Falcon Query Language (FQL), what does the "timestamp" field refer to?
- A. User login time
- B. The date and time an event occurred
- C. The last modified time for files
- D. The time a search query was executed
To which types of environment can Falcon Real Time Response (RTR) be deployed?
- A. Virtual and physical environments
- B. Only cloud-based environments
- C. On-premises only
- D. Hybrid only
What role does the "Event Type" filter play in the Event Search process?
- A. It displays all hostnames
- B. It limits the view to a specific category of events
- C. It changes the interface language
- D. It downloads event data to your local machine
In the context of event investigation, what does the term "chain of events" refer to?
- A. The sequence of user interactions in an application
- B. The order of actions taken during an incident
- C. The timeline of system updates
- D. The order of commands used in scripting
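As a worked illustration of what "chain of events" means in practice, the following Python code is an added example (it is not part of the practice exam and not CrowdStrike code). It reconstructs the order of actions behind a suspicious process by walking process-creation telemetry from the process back to its root ancestor. The event records, hostnames and field names (`ts`, `pid`, `ppid`, `image`, `cmdline`) are constructed for the demonstration and are assumptions, not a vendor schema; one record deliberately reuses a PID later on the same host to show why the parent lookup must respect timestamps.

```python
"""Reconstruct the chain of events that led to a suspicious process.

Added example, not part of the exam page or of any CrowdStrike tooling.
The telemetry below is constructed; field names are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    ts: str        # ISO-8601 UTC start time; same format, so string order == time order
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample telemetry, deliberately out of order, the way a search
# across several sensors usually comes back.
EVENTS = [
    ProcessEvent("2024-05-01T09:13:07Z", "WS-042", 4412, 3280, "powershell.exe", "powershell -enc SQBFAFgA..."),
    ProcessEvent("2024-05-01T09:12:58Z", "WS-042", 3280, 2104, "WINWORD.EXE", "WINWORD.EXE invoice.docm"),
    ProcessEvent("2024-05-01T09:12:40Z", "WS-042", 2104, 980, "OUTLOOK.EXE", "OUTLOOK.EXE"),
    ProcessEvent("2024-05-01T09:13:09Z", "WS-042", 4520, 4412, "rundll32.exe", "rundll32.exe C:\\Users\\Public\\a.dll,Run"),
    ProcessEvent("2024-05-01T09:00:01Z", "WS-042", 980, 1, "explorer.exe", "explorer.exe"),
    # Same PID as WINWORD but on another host: must not be picked up as a parent.
    ProcessEvent("2024-05-01T09:12:59Z", "WS-077", 3280, 1000, "notepad.exe", "notepad.exe"),
    # PID 980 reused on WS-042 *after* OUTLOOK started: also not a valid parent.
    ProcessEvent("2024-05-01T09:30:00Z", "WS-042", 980, 1, "explorer.exe", "explorer.exe (relaunched)"),
]


def find_parent(events, child):
    """Parent = the process on the same host with pid == child.ppid that was
    already running when the child started (latest such start wins). The
    timestamp check is what makes PID reuse safe."""
    candidates = [
        e for e in events
        if e.host == child.host and e.pid == child.ppid and e.ts <= child.ts
    ]
    return max(candidates, key=lambda e: e.ts) if candidates else None


def chain_of_events(events, host, pid):
    """Return the ancestry of (host, pid) in chronological order, root first.

    That ordering is the 'order of actions taken during an incident' a
    responder wants to read: mail client -> document -> interpreter -> payload.
    """
    matches = [e for e in events if e.host == host and e.pid == pid]
    if not matches:
        raise KeyError(f"no process {pid} seen on {host}")
    cur = max(matches, key=lambda e: e.ts)      # most recent incarnation of the pid
    chain = [cur]
    seen = {(cur.host, cur.pid, cur.ts)}
    while True:
        parent = find_parent(events, cur)
        key = (parent.host, parent.pid, parent.ts) if parent else None
        if parent is None or key in seen:       # reached root or a malformed cycle
            break
        chain.append(parent)
        seen.add(key)
        cur = parent
    chain.reverse()
    return chain


def render(chain):
    """Compact one-line view used in case notes."""
    return " -> ".join(f"{e.image}({e.pid})" for e in chain)


if __name__ == "__main__":
    for e in chain_of_events(EVENTS, "WS-042", 4520):
        print(e.ts, e.host, e.pid, e.ppid, e.image, e.cmdline)
    print(render(chain_of_events(EVENTS, "WS-042", 4520)))
```

Keying the lookup on host, PID and start time rather than PID alone is the point of the example: PIDs are reused and identical across hosts, so a chain built from PIDs alone silently splices unrelated processes together.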
What is a common indicator of compromise (IoC) that investigators look for in log files?
- A. IP address changes
- B. High CPU usage
- C. Password resets
- D. Unsuccessful login attempts
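To show what looking for unsuccessful login attempts in log files actually involves, the following Python code is an added example (not part of the practice exam and not CrowdStrike code). It parses sshd-style authentication lines, counts failures per source address inside a sliding time window, and raises a second, higher-priority alert when a success arrives from a source that has just crossed the failure threshold. The log lines are constructed for the demonstration; the threshold and window values are assumptions a responder would tune to the environment.

```python
"""Detect failed-login bursts, and a success that follows one, in auth logs.

Added example, not part of the exam page or of any CrowdStrike tooling.
The log lines are constructed; threshold and window are assumed values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# sshd-style lines: "<ts> sshd[pid]: Failed|Accepted password for [invalid user] <user> from <ip> port <n> ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log. 203.0.113.7 sprays five accounts in 11 seconds and
# then gets in as bob; 198.51.100.4 has two failures 28 minutes apart (noise).
SAMPLE_LOG = """\
2024-05-01T09:10:00Z sshd[811]: Accepted password for alice from 198.51.100.4 port 50122 ssh2
2024-05-01T09:12:01Z sshd[812]: Failed password for root from 203.0.113.7 port 40001 ssh2
2024-05-01T09:12:03Z sshd[813]: Failed password for root from 203.0.113.7 port 40002 ssh2
2024-05-01T09:12:06Z sshd[814]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
2024-05-01T09:12:09Z sshd[815]: Failed password for invalid user oracle from 203.0.113.7 port 40004 ssh2
2024-05-01T09:12:12Z sshd[816]: Failed password for bob from 203.0.113.7 port 40005 ssh2
2024-05-01T09:12:20Z sshd[817]: Accepted password for bob from 203.0.113.7 port 40006 ssh2
2024-05-01T09:15:00Z sshd[818]: Failed password for alice from 198.51.100.4 port 50130 ssh2
2024-05-01T09:40:00Z sshd[819]: Failed password for alice from 198.51.100.4 port 50131 ssh2
"""


def parse(lines):
    """Yield (timestamp, succeeded, user, ip) for every line that matches; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        yield ts, m["result"] == "Accepted", m["user"], m["ip"]


def detect(lines, threshold=5, window_s=60):
    """Return a list of (alert_type, ip, user, iso_timestamp) tuples.

    'brute_force'            : >= threshold failures from one ip within window_s
    'success_after_failures' : a successful login from an ip already flagged
    Failures older than the window are evicted, so slow, sparse failures never alert.
    """
    recent = defaultdict(deque)   # ip -> deque of failure timestamps inside the window
    flagged = set()
    alerts = []
    for ts, ok, user, ip in parse(lines):
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if not ok:
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, user, ts.isoformat()))
        elif ip in flagged:
            # The success after the spray is the line that matters most: it turns
            # a noisy IoC into a probable account compromise to act on.
            alerts.append(("success_after_failures", ip, user, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(*alert)
```

The window is the practitioner's caveat: a raw count of failed logins per day flags every user who mistypes a password, while a burst of failures from one source in under a minute, followed by a success, is the pattern worth escalating.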
During an investigation, how can you ensure that user privacy is respected?
- A. Avoid documenting any user-related information
- B. Encrypt all collected data
- C. Only collect information that is necessary and relevant
- D. Use automated scripts for data collection
When searching for events, what does it mean if you see a "detected" state in the event log?
- A. The event has been confirmed malicious
- B. The event is still under investigation
- C. A potential threat was identified
- D. The event has been resolved
What type of data can Falcon RTR capture from an endpoint?
- A. System logs
- B. Behavioral patterns
- C. Network traffic
- D. All of the above
If a user wants to search for events generated by a specific process name, which query format would they use?
- A. process_name:"malicious.exe"
- B. process_name=malicious.exe
- C. process_name!malicious.exe
- D. process_name~malicious.exe