Back

Practice Free CCFR-201b Exam Online Questions

Question #81

When using the search tools in CrowdStrike Falcon, what is the maximum number of results that can typically be returned in a single query?

  • A . 100
  • B . 1,000
  • C . 10,000
  • D . 100,000

Reveal Solution Hide Solution

Correct Answer: C
Question #82

Which of the following types of events can be searched for in Falcon’s Event Search?

  • A . User logins
  • B . File modifications
  • C . Malware detection
  • D . All of the above

Reveal Solution Hide Solution

Correct Answer: D
Question #83

What is the primary purpose of the Event Search tool in CrowdStrike Falcon?

  • A . To manage user accounts
  • B . To analyze endpoint performance
  • C . To search and filter endpoint event data
  • D . To configure network settings

Reveal Solution Hide Solution

Correct Answer: C
Question #84

In the MITRE ATT&CK® framework, which of the following is a technique used for Credential Dumping?

  • A . Application Layer Protocol
  • B . Acquire Credentials
  • C . Credential Dumping
  • D . Data from Information Repositories

Reveal Solution Hide Solution

Correct Answer: C
Question #85

Which type of data is primarily examined during an event investigation?

  • A . Network traffic logs
  • B . User demographic data
  • C . Software installation records
  • D . Market research data

Reveal Solution Hide Solution

Correct Answer: A
Question #86

Which of the following is a benefit of using Falcon RTR in an incident response scenario?

  • A . It requires minimal network bandwidth
  • B . It is only available for Windows endpoints
  • C . It enables quick remediation of threats in real time
  • D . It automatically resolves all issues identified

Reveal Solution Hide Solution

Correct Answer: C
Question #87

In Falcon RTR, which of the following actions can you take to isolate an endpoint?

  • A . Block network traffic
  • B . Restart the machine
  • C . Change user permissions
  • D . Upgrade software

Reveal Solution Hide Solution

Correct Answer: A
Question #88

Which type of detection involves establishing a baseline of normal behavior and identifying anomalies?

  • A . Signature-based detection
  • B . Behavior-based detection
  • C . Heuristic-based detection
  • D . Protocol-based detection

Reveal Solution Hide Solution

Correct Answer: B
Question #89

What does a high volume of failed login attempts typically indicate?

  • A . Normal user behavior
  • B . User account lockout
  • C . Potential brute-force attack
  • D . Successful logins

Reveal Solution Hide Solution

Correct Answer: C
Question #90

Which detection technique relies on predefined rules and patterns?

  • A . Anomaly detection
  • B . Signature-based detection
  • C . Behavioral analysis
  • D . Heuristic analysis

Reveal Solution Hide Solution

Correct Answer: B