
CCFR-201b Exam Dumps - CrowdStrike Certified Falcon Responder

Searching for workable clues to ace the CrowdStrike CCFR-201b exam? You’re in the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CCFR-201b PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you with the most relevant and up-to-date study material, crafted in an easy-to-learn question-and-answer format. ExamCert’s study tools aim to simplify all the complex and confusing concepts of the exam, introduce you to the real exam scenario, and let you practice it with the help of its testing engine and real exam dumps.

Question # 17

While reviewing the 'Detection Method' field for a high-severity alert, a responder sees the label 'Post-Exploit'. This terminology is used by CrowdStrike to identify a specific:

A. Falcon Detection Method

B. MITRE Tactic

C. Indicator of Attack (IOA)

D. Prevention Policy Level

Question # 18

What happens when a hash is allowlisted?

A. Execution is prevented, but detection alerts are suppressed

B. Execution is allowed on all hosts, including all other Falcon customers

C. The hash is submitted for approval to be allowed to execute once confirmed by Falcon specialists

D. Execution is allowed on all hosts that fall under the organization's CID

Question # 19

After an investigation, the following malicious artifacts have been identified:

    C:\Users\*\AppData\iamnotmalware.exe

    C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iamnotmalware.lnk

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iamnotmalware_really

What method will remove all associated artifacts from hosts that trigger future related detections?

A. Create a Quarantine Rule that will quarantine all identified artifacts across the entire environment

B. Create Custom IOA rules to prevent the execution of these artifacts

C. Create a workflow to trigger on a new endpoint detection, query the telemetry data of the endpoint for known artifacts, and select Remove All Associated Artifacts as an action

D. Create a workflow to trigger on a new endpoint detection, conditions that match the detection, and as an action a PowerShell script to kill associated processes and remove all artifacts

Question # 20

Which option indicates a hash is allowlisted?

A. No Action

B. Allow

C. Ignore

D. Always Block

Question # 21

What is the difference between Managed and Unmanaged Neighbors in the Falcon console?

A. A managed neighbor is currently network contained and an unmanaged neighbor is uncontained

B. A managed neighbor has an installed and provisioned sensor

C. An unmanaged neighbor is in a segmented area of the network

D. A managed sensor has an active prevention policy

Question # 22

Where can you find hosts that are in Reduced Functionality Mode?

A. Event Search

B. Executive Summary dashboard

C. Host Search

D. Installation Tokens

Question # 23

A responder is unsure about the difference between 'Detection' and 'Prevention' settings. Where can they find information about Detection and Prevention Policies?

A. On the public CrowdStrike blog.

B. In the Support page under the Docs section.

C. By clicking the 'About' button in the user profile.

D. In the training videos on the main Dashboard.

Question # 24

When viewing the main 'Quarantine' dashboard to manage blocked files, which of the following pieces of information CANNOT be seen by default?

A. Filename

B. Host Name

C. Hash

D. Date Quarantined
