What happens when a hash is allowlisted?
Answer(s): D
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the allowlist feature allows you to exclude files or directories from being scanned or blocked by CrowdStrike's machine learning engine or indicators of attack (IOAs)2. This can reduce false positives and improve performance. When you allowlist a hash, you are allowing that file to execute on any host that belongs to your organization's CID (customer ID)2. This does not affect other Falcon customers or hosts outside your CID2.
Which of the following is returned from the IP Search tool?
Answer(s): A
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the IP Search tool allows you to search for an IP address and view a summary of information from Falcon events that contain that IP address. The summary includes the hostname, sensor ID, OS, country, city, ISP, ASN, and geolocation of the host that communicated with that IP address.
Which is TRUE regarding a file released from quarantine?
Answer(s): B
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, when you release a file from quarantine, you are restoring it to its original location and allowing it to execute on any host in your organization. This action also removes the file from the quarantine list and deletes it from the CrowdStrike Cloud.
Which of the following is an example of a MITRE ATT&CK tactic?
According to the [MITRE ATT&CK website], MITRE ATT&CK is a knowledge base of adversary behaviors and techniques based on real-world observations. The knowledge base is organized into tactics and techniques, where tactics are the high-level goals of an adversary, such as initial access, persistence, lateral movement, etc., and techniques are the specific ways an adversary can achieve those goals, such as phishing, credential dumping, remote file copy, etc. Defense Evasion is one of the tactics defined by MITRE ATT&CK, which covers actions that adversaries take to avoid detection or prevent security controls from blocking their activities. Eternal Blue, Emotet, and Phishing are examples of techniques, not tactics.
Post your Comments and Discuss CrowdStrike CCFR-201 exam with other Community members:
Blue Commented on June 09, 2025 Intesteresting questions from exam perspective AUSTRALIA
To protect our content from bots for real learners like you, we ask you to register for free. Sign in or sign up now to continue with the CCFR-201 material!