What is the difference between a Host Search and a Host Timeline?
Answer(s): A
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Host Search allows you to search for hosts based on various criteria, such as hostname, IP address, OS, etc. The results are displayed in an organized view by type, such as detections, incidents, processes, network connections, etc. The Host Timeline allows you to view all events recorded by the sensor for a given host in a chronological order. The events include process executions, file writes, registry modifications, network connections, user logins, etc.
When examining raw event data, what is the purpose of the field called ParentProcessld_decimal?
Answer(s): D
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the ParentProcessld_decimal field contains the decimal value of the process ID of the parent process that spawned or injected into the target process. This field can be used to trace the process lineage and identify malicious or suspicious activities.
What action is used when you want to save a prevention hash for later use?
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the Always Block action allows you to block a file from executing on any host in your organization based on its hash value. This action can be used to prevent known malicious files from running on your endpoints.
A list of managed and unmanaged neighbors for an endpoint can be found:
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, you can use the Hosts page in the Investigate tool to view information about your endpoints, such as hostname, IP address, OS, sensor version, etc. You can also see a list of managed and unmanaged neighbors for each endpoint, which are other devices that have communicated with that endpoint over the network. This can help you identify potential threats or vulnerabilities in your network.
Post your Comments and Discuss CrowdStrike CCFR-201 exam with other Community members:
Blue Commented on June 09, 2025 Intesteresting questions from exam perspective AUSTRALIA
To protect our content from bots for real learners like you, we ask you to register for free. Sign in or sign up now to continue with the CCFR-201 material!