Free CCFR-201 Exam Braindumps (page: 5)

Page 5 of 16

After running an Event Search, you can select many Event Actions depending on your results.
Which of the following is NOT an option for any Event Action?

  A. Draw Process Explorer
  B. Show a +/- 10-minute window of events
  C. Show a Process Timeline for the responsible process
  D. Show Associated Event Data (from TargetProcessId_decimal or ContextProcessId_decimal)

Answer(s): A

Explanation:

According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Event Search tool allows you to search for events based on various criteria, such as event type, timestamp, hostname, IP address, etc. You can also select one or more events and perform various actions, such as show a process timeline, show a host timeline, show associated event data, show a +/- 10-minute window of events, etc. However, there is no option to draw a process explorer, which is a graphical representation of the process hierarchy and activity.



Which option indicates a hash is allowlisted?

  A. No Action
  B. Allow
  C. Ignore
  D. Always Block

Answer(s): B

Explanation:

According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the allowlist feature allows you to exclude files or directories from being scanned or blocked by CrowdStrike's machine learning engine or indicators of attack (IOAs). This can reduce false positives and improve performance.
When you allowlist a hash, you are allowing that file to execute on any host that belongs to your organization's CID (customer ID). The option that indicates a hash is allowlisted is "Allow".



Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?

  A. Falcon Intel via Intelligence Indicator - Domain
  B. Machine Learning via Cloud-Based ML
  C. Malware via PUP
  D. Credential Access via OS Credential Dumping

Answer(s): D

Explanation:

According to the [MITRE ATT&CK website], MITRE ATT&CK is a knowledge base of adversary behaviors and techniques based on real-world observations. The knowledge base is organized into tactics and techniques, where tactics are the high-level goals of an adversary, such as initial access, persistence, lateral movement, etc., and techniques are the specific ways an adversary can achieve those goals, such as phishing, credential dumping, remote file copy, etc. Credential Access via OS Credential Dumping is an example of a tactic and technique combination sourced from MITRE ATT&CK information, which describes how adversaries can obtain credentials from operating system memory or disk storage by using tools such as Mimikatz or ProcDump.



What do IOA exclusions help you achieve?

  A. Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy
  B. Reduce false positives of behavioral detections from IOA based detections only
  C. Reduce false positives of behavioral detections from IOA based detections based on a file hash
  D. Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

Answer(s): B

Explanation:

According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, IOA exclusions allow you to exclude files or directories from being detected or blocked by CrowdStrike's indicators of attack (IOAs), which are behavioral rules that identify malicious activities. This can reduce false positives and improve performance. IOA exclusions only apply to IOA based detections, not other types of detections such as machine learning, custom IOA, or OverWatch.






Post your Comments and Discuss CrowdStrike CCFR-201 exam with other Community members:

Abhishek commented on December 21, 2024
It was Nice
Anonymous
upvote

Sumeet G Hongekar commented on December 21, 2024
I am eager to write cad exam
UNITED STATES
upvote

KAREEM ROFIAT BOLANLE commented on December 21, 2024
not yet written the exam
Anonymous
upvote

Subham commented on December 21, 2024
Good set of questions for practice
Anonymous
upvote

Krish commented on December 20, 2024
Good to have test papers
INDIA
upvote

Ashish Sharma commented on December 20, 2024
Very elaborative explanation and apt questions
CANADA
upvote

Ashish Sharma commented on December 20, 2024
Very Useful
CANADA
upvote

Ashwani commented on December 20, 2024
Nice questions
UNITED KINGDOM
upvote

hardik commented on December 20, 2024
Very good content
UNITED STATES
upvote

Test commented on December 20, 2024
It's helpful
Anonymous
upvote

haardik commented on December 20, 2024
Good so far
UNITED STATES
upvote

priya commented on December 20, 2024
good to prepare for the exam
Anonymous
upvote

Nagaraj commented on December 20, 2024
The questions help me to review
Anonymous
upvote

Reagan commented on December 20, 2024
Very Useful
Anonymous
upvote

Anonymous commented on December 20, 2024
definitely a perfect set of questions
Anonymous
upvote

DD commented on December 20, 2024
Preparing for exam
Anonymous
upvote

Anonymous1 commented on December 20, 2024
Nice questions
Anonymous
upvote

PrepGoku commented on December 20, 2024
Great list of questions, with full explanation
Anonymous
upvote

Hemlata commented on December 20, 2024
Great content
INDIA
upvote

Nicholos J Frates commented on December 20, 2024
I just passed the Salesforce-AI-Associate exam recently! My result card: https://docs.google.com/document/d/1CicoY5IGQwyyanVV_cCEUE2jFT86tyl3FZ_hA6Q_BiM
Anonymous
upvote

Hemlata commented on December 20, 2024
It is useful.
INDIA
upvote

Koomi commented on December 20, 2024
Great Content
Anonymous
upvote

Aamamm commented on December 20, 2024
useful for certification
UNITED STATES
upvote

Preeti commented on December 20, 2024
How many questions in the exam were from the dump, for those who gave the exam recently?
INDIA
upvote

Preeti commented on December 20, 2024
Have any of you taken the exam recently and passed just by using this dump?
INDIA
upvote

gill commented on December 20, 2024
nice nice nice
Anonymous
upvote

Hitesh commented on December 20, 2024
good practice questions available here
UNITED STATES
upvote

KT commented on December 20, 2024
I passed using this dumps.
Anonymous
upvote

Hassan commented on December 19, 2024
Quite challenging and interesting
Anonymous
upvote

mke commented on December 19, 2024
so far so good
UNITED STATES
upvote

JP commented on December 19, 2024
Good so far
UNITED STATES
upvote

Anyah Vincent Ndubuisi commented on December 19, 2024
Microsoft SC 200 SOC is awesomely good enough for every cybersecurity specialist. Well detailed for freshers also. From Anyah Vincent, Nigeria.
Anonymous
upvote

Shehan commented on December 19, 2024
Superb stuff
Anonymous
upvote

gege commented on December 19, 2024
The questions look promising and well formatted. But has anyone passed this exam recently? I have heard the exam is very, very hard.
Anonymous
upvote