CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CrowdStrike
  5. CCFR-201

Free CCFR-201 Exam Braindumps (page: 1)

Page 1 of 16
PDF with 60 Questions

After pivoting to an event search from a detection, you locate the ProcessRollup2 event.
Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?

  1. SHA256 and TargetProcessld_decimal
  2. SHA256 and ParentProcessld_decimal
  3. aid and ParentProcessld_decimal
  4. aid and TargetProcessld_decimal

Answer(s): D

Explanation:

According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Process Timeline search requires two parameters: aid (agent ID) and TargetProcessId_decimal (the decimal value of the process ID). These fields can be obtained from the ProcessRollup2 event, which contains information about processes that have executed on a host.



The function of Machine Learning Exclusions is to___________.

  1. stop all detections for a specific pattern ID
  2. stop all sensor data collection for the matching path(s)
  3. Stop all Machine Learning Preventions but a detection will still be generated and files will still be uploaded to the CrowdStrike Cloud
  4. stop all ML-based detections and preventions for the matching path(s) and/or stop files from being uploaded to the CrowdStrike Cloud

Answer(s): D

Explanation:

According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, Machine Learning Exclusions allow you to exclude files or directories from being scanned by CrowdStrike's machine learning engine, which can reduce false positives and improve performance. You can also choose whether to upload the excluded files to the CrowdStrike Cloud or not.



What happens when you create a Sensor Visibility Exclusion for a trusted file path?

  1. It excludes host information from Detections and Incidents generated within that file path location
  2. It prevents file uploads to the CrowdStrike cloud from that file path
  3. It excludes sensor monitoring and event collection for the trusted file path
  4. It disables detection generation from that path, however the sensor can still perform prevention actions

Answer(s): C

Explanation:

According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, Sensor Visibility Exclusions allow you to exclude certain files or directories from being monitored by the CrowdStrike sensor, which can reduce noise and improve performance. This means that no events will be collected or sent to the CrowdStrike Cloud for those files or directories.



What types of events are returned by a Process Timeline?

  1. Only detection events
  2. All cloudable events
  3. Only process events
  4. Only network events

Answer(s): B

Explanation:

According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Process Timeline search returns all cloudable events associated with a given process, such as process creation, network connections, file writes, registry modifications, etc. This allows you to see a comprehensive view of what a process was doing on a host.



Page 1 of 16



Post your Comments and Discuss CrowdStrike CCFR-201 exam with other Community members:

Saurabh commented on October 03, 2024
Super Course to go ahead
INDIA
upvote

solla maaten commented on October 03, 2024
just reviewing
Anonymous
upvote

DJ commented on October 03, 2024
This dump is still valid?
MALAYSIA
upvote

senan commented on October 03, 2024
salam bu ne suallardi bele
AZERBAIJAN
upvote

Rk commented on October 03, 2024
Good content
Anonymous
upvote

George commented on October 02, 2024
Focus on mastering designing scalable, resilient architectures and cost-optimization strategies using core AWS services for this SAA-C03 exam.
UNITED STATES
upvote

Esmaiel commented on October 02, 2024
This is a very good practice paper to get ready for exam. Helpful to me.
UNITED STATES
upvote

Fawad commented on October 02, 2024
The exam turned out to be very hard as stated by some users here. So there is no way to pass it unless you know the questions. And note that some of the answers in this exam dump PDF is not correct but the questions are legit.
EUROPEAN UNION
upvote

Moataz commented on October 02, 2024
I approve this exam dump. It is valid in UAE. I passed the test.
UNITED ARAB EMIRATES
upvote

JB commented on October 02, 2024
Thanks for the study material.
Anonymous
upvote

Nisino commented on October 02, 2024
After weeks of cramming and feeling overwhelmed, I ended up using this exam dumps as I badly needed to pass and it worked.
Netherlands
upvote

Hades commented on October 02, 2024
i hope this will help me pass
VIET NAM
upvote

Saboor commented on October 01, 2024
The answer to comment questions here: 1- Yes, The exam and it is very hard. 2- Yes, I passed this exam. But I did not just rely on this exam dumps but I had studied. Though I got most of these questions in my test. Good luck guys.
UNITED STATES
upvote

cota commented on October 01, 2024
não entendi
BRAZIL
upvote

Fakhro commented on October 01, 2024
Single try and passed. So good and usable document.
GERMANY
upvote

Chandra commented on October 01, 2024
The full version of this document is in PDF and well formatted. I purchased it because it has more questions compare to this free version.
INDIA
upvote

hassan commented on October 01, 2024
Hoping the Dumps will help
CANADA
upvote

Fred commented on October 01, 2024
Thank you for putting together these questions. The PDF was great but the test engine needs a lot of enhancement.
UNITED KINGDOM
upvote

Solomon commented on October 01, 2024
I passed the SAAC03 on Saturday. These guys are doing a great job on this platform and they deserve the credit. Their questions are valid and thoroughly reviewed. I recommend subscribing to Freebrain dumps
Anonymous
upvote

Jeff commented on October 01, 2024
Question 11 is Form Choice (Answer D) - explanation is examining the answer
CANADA
upvote

Cleo commented on October 01, 2024
great resource, for the exams Ireland
Anonymous
upvote

shilpa commented on October 01, 2024
hi neee help in preparation of my exam
Anonymous
upvote

Petro UA commented on October 01, 2024
hate DNS questions. So need to practice more
UNITED STATES
upvote

Trying Out commented on September 30, 2024
useful to learn and prep for integ architect
Anonymous
upvote

Nope commented on September 30, 2024
Prince2 v6, about 10% of the answers are wrong
UNITED KINGDOM
upvote

Viney commented on September 30, 2024
Brilliant!!! Spot on questions. Passed with on the first go. Can't say thank you enough.
Italy
upvote

A commented on September 30, 2024
Good questiond
Anonymous
upvote

MM commented on September 30, 2024
is there anyone who wrote and pass using this dump?
SOUTH AFRICA
upvote

Chris commented on September 30, 2024
This is a very good resource. Reliable and cheap.
UNITED STATES
upvote

DeMalio commented on September 30, 2024
Very helpful and very accurate. Could not have passed this exam without this exam dump. Very grateful.
UNITED STATES
upvote

Pragati commented on September 30, 2024
Useful Resources
Anonymous
upvote

Dan commented on September 30, 2024
hi Thanks could you provide scenario based questions ?
FRANCE
upvote

Ashitosh commented on September 30, 2024
I m Ashitosh
JAPAN
upvote

Chipo Musenge commented on September 30, 2024
These revision are so insightful.
Anonymous
upvote