Free CCFR-201 Exam Braindumps (page: 5)

Page 5 of 16

After running an Event Search, you can select many Event Actions depending on your results.
Which of the following is NOT an option for any Event Action?

  A. Draw Process Explorer
  B. Show a +/- 10-minute window of events
  C. Show a Process Timeline for the responsible process
  D. Show Associated Event Data (from TargetProcessId_decimal or ContextProcessId_decimal)

Answer(s): A

Explanation:

According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Event Search tool allows you to search for events based on various criteria, such as event type, timestamp, hostname, IP address, etc. You can also select one or more events and perform various actions, such as show a process timeline, show a host timeline, show associated event data, show a +/- 10-minute window of events, etc. However, there is no option to draw a process explorer, which is a graphical representation of the process hierarchy and activity.



Which option indicates a hash is allowlisted?

  A. No Action
  B. Allow
  C. Ignore
  D. Always Block

Answer(s): B

Explanation:

According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the allowlist feature allows you to exclude files or directories from being scanned or blocked by CrowdStrike's machine learning engine or indicators of attack (IOAs). This can reduce false positives and improve performance.
When you allowlist a hash, you are allowing that file to execute on any host that belongs to your organization's CID (customer ID). The option that indicates a hash is allowlisted is "Allow".



Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?

  A. Falcon Intel via Intelligence Indicator - Domain
  B. Machine Learning via Cloud-Based ML
  C. Malware via PUP
  D. Credential Access via OS Credential Dumping

Answer(s): D

Explanation:

According to the [MITRE ATT&CK website], MITRE ATT&CK is a knowledge base of adversary behaviors and techniques based on real-world observations. The knowledge base is organized into tactics and techniques, where tactics are the high-level goals of an adversary, such as initial access, persistence, lateral movement, etc., and techniques are the specific ways an adversary can achieve those goals, such as phishing, credential dumping, remote file copy, etc. Credential Access via OS Credential Dumping is an example of a tactic and technique combination sourced from MITRE ATT&CK information, which describes how adversaries can obtain credentials from operating system memory or disk storage by using tools such as Mimikatz or ProcDump.



What do IOA exclusions help you achieve?

  A. Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy
  B. Reduce false positives of behavioral detections from IOA-based detections only
  C. Reduce false positives of behavioral detections from IOA-based detections based on a file hash
  D. Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

Answer(s): B

Explanation:

According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, IOA exclusions allow you to exclude files or directories from being detected or blocked by CrowdStrike's indicators of attack (IOAs), which are behavioral rules that identify malicious activities. This can reduce false positives and improve performance. IOA exclusions apply only to IOA-based detections, not to other types of detections such as machine learning, custom IOA, or OverWatch.






Post your Comments and Discuss CrowdStrike CCFR-201 exam with other Community members:

mojo mojo commented on January 20, 2025
are they accurate?
SOUTH AFRICA

Raj D commented on January 20, 2025
Helpful study guide
UNITED STATES

Paul commented on January 20, 2025
Will it work if I sit for the CCNP ENCORE exam in 2025?
UNITED STATES

AP commented on January 20, 2025
Is this question up to date and reliable?
UNITED KINGDOM

Thejas commented on January 20, 2025
It's a good website
Anonymous

Pravin commented on January 20, 2025
Need this set of Data Cloud
Anonymous

Poo commented on January 20, 2025
Useful contents.
Anonymous

Poo commented on January 20, 2025
Till now I am enjoying and finding the contents very useful. Eager to see the rest of the contents.
Anonymous

Jeii commented on January 20, 2025
good explanations
UNITED STATES

Poo commented on January 20, 2025
Nice content
Anonymous

Aaakash commented on January 19, 2025
no comments
Anonymous

Girish commented on January 19, 2025
Good questions
UNITED KINGDOM

Hnf commented on January 18, 2025
This is a 100% valid exam dump.
Anonymous

Siva commented on January 18, 2025
Very nice questions to prepare for CISSP
Anonymous

waiphyo commented on January 17, 2025
good questions
Anonymous

Charles commented on January 17, 2025
Awesome materials
Anonymous

Vidhi commented on January 17, 2025
good collection
Anonymous

Bharat commented on January 17, 2025
Good content
Anonymous

Bharat commented on January 17, 2025
thanks for providing free content
Anonymous

Bongu Madhusudhanarao commented on January 17, 2025
Very useful, after 60 not open
Anonymous

Nivetha commented on January 17, 2025
Nice Content
INDIA

Anne S commented on January 17, 2025
Can anyone confirm if these questions are relevant to the CCNA 200-301 1.1 exam?
Anonymous

Ahmed commented on January 16, 2025
Good good good
BAHRAIN

Rodrigo Torres commented on January 16, 2025
I did the exam once and I'm getting prepared to do it for the second time. Questions seem to be very close to the real exam.
Anonymous

Caroline commented on January 16, 2025
Good website
Anonymous

Raafat Mankarious commented on January 16, 2025
good questions about transmission
UNITED STATES

Mohs commented on January 16, 2025
More explanation on answers will be appreciated
GERMANY

Paco commented on January 16, 2025
Very helpful
Anonymous

dsr commented on January 16, 2025
recommended to everyone preparing for the snowpro core exam
EUROPEAN UNION

srinivas commented on January 16, 2025
useful questions for beginners
EUROPEAN UNION

Kincky77 commented on January 16, 2025
Brooo, this is awesome. Did not know you could get these practice questions online. Really helped me with the certification exam.
UNITED KINGDOM

helen joe commented on January 16, 2025
it's a great and useful material
Anonymous

Martin commented on January 16, 2025
The CISM Dumps PDF is a game-changer. It's well-structured, easy to understand, and perfect for those new to the certification journey. Highly recommended!
UNITED STATES

AN commented on January 15, 2025
Looks like there is a big help providing free practice exam questions, let me try. Thanks
CANADA