Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. CrowdStrike
  5. CCFR-201

Free CCFR-201 Exam Braindumps (page: 5)

Page 2 of 16
PDF with 60 Questions

After pivoting to an event search from a detection, you locate the ProcessRollup2 event.
Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?

  1. SHA256 and TargetProcessld_decimal
  2. SHA256 and ParentProcessld_decimal
  3. aid and ParentProcessld_decimal
  4. aid and TargetProcessld_decimal

Answer(s): D

Explanation:

According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Process Timeline search requires two parameters: aid (agent ID) and TargetProcessId_decimal (the decimal value of the process ID). These fields can be obtained from the ProcessRollup2 event, which contains information about processes that have executed on a host.



The function of Machine Learning Exclusions is to___________.

  1. stop all detections for a specific pattern ID
  2. stop all sensor data collection for the matching path(s)
  3. Stop all Machine Learning Preventions but a detection will still be generated and files will still be uploaded to the CrowdStrike Cloud
  4. stop all ML-based detections and preventions for the matching path(s) and/or stop files from being uploaded to the CrowdStrike Cloud

Answer(s): D

Explanation:

According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, Machine Learning Exclusions allow you to exclude files or directories from being scanned by CrowdStrike's machine learning engine, which can reduce false positives and improve performance. You can also choose whether to upload the excluded files to the CrowdStrike Cloud or not.



What happens when you create a Sensor Visibility Exclusion for a trusted file path?

  1. It excludes host information from Detections and Incidents generated within that file path location
  2. It prevents file uploads to the CrowdStrike cloud from that file path
  3. It excludes sensor monitoring and event collection for the trusted file path
  4. It disables detection generation from that path, however the sensor can still perform prevention actions

Answer(s): C

Explanation:

According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, Sensor Visibility Exclusions allow you to exclude certain files or directories from being monitored by the CrowdStrike sensor, which can reduce noise and improve performance. This means that no events will be collected or sent to the CrowdStrike Cloud for those files or directories.



What types of events are returned by a Process Timeline?

  1. Only detection events
  2. All cloudable events
  3. Only process events
  4. Only network events

Answer(s): B

Explanation:

According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Process Timeline search returns all cloudable events associated with a given process, such as process creation, network connections, file writes, registry modifications, etc. This allows you to see a comprehensive view of what a process was doing on a host.






Post your Comments and Discuss CrowdStrike CCFR-201 exam with other Community members:

CCFR-201 Exam Discussions & Posts