Exam Details

  • Exam Code: CCFR-201
  • Exam Name: CrowdStrike Certified Falcon Responder
  • Certification: CrowdStrike Falcon Certification Program
  • Vendor: CrowdStrike
  • Total Questions: 60 Q&As
  • Last Updated: Nov 16, 2024

CrowdStrike Falcon Certification Program CCFR-201 Questions & Answers

  • Question 1:

    Which of the following is NOT a filter available on the Detections page?

    A. Severity

    B. CrowdScore

    C. Time

    D. Triggering File

  • Question 2:

    When examining a raw DNS request event, you see a field called ContextProcessId_decimal. What is the purpose of that field?

    A. It contains the TargetProcessId_decimal value for other related events

    B. It contains an internal value not useful for an investigation

    C. It contains the ContextProcessId_decimal value for the parent process that made the DNS request

    D. It contains the TargetProcessId_decimal value for the process that made the DNS request

  • Question 3:

    After pivoting to an event search from a detection, you locate the ProcessRollup2 event. Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?

    A. SHA256 and TargetProcessId_decimal

    B. SHA256 and ParentProcessId_decimal

    C. aid and ParentProcessId_decimal

    D. aid and TargetProcessId_decimal

  • Question 4:

    When examining raw event data, what is the purpose of the field called ParentProcessId_decimal?

    A. It contains an internal value not useful for an investigation

    B. It contains the TargetProcessId_decimal value of the child process

    C. It contains the SensorId_decimal value for related events

    D. It contains the TargetProcessId_decimal of the parent process

  • Question 5:

    What information does the MITRE ATT&CK Framework provide?

    A. It provides best practices for different cybersecurity domains, such as Identity and Access Management

    B. It provides a step-by-step cyber incident response strategy

    C. It provides the phases of an adversary's lifecycle, the platforms they are known to attack, and the specific methods they use

    D. It is a system that attributes attack techniques to a specific threat actor

  • Question 6:

    You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

    A. ParentProcessId_decimal and aid

    B. ResponsibleProcessId_decimal and aid

    C. ContextProcessId_decimal and aid

    D. TargetProcessId_decimal and aid

  • Question 7:

    When reviewing a Host Timeline, which of the following filters is available?

    A. Severity

    B. Event Types

    C. User Name

    D. Detection ID

  • Question 8:

    What is the difference between a Host Search and a Host Timeline?

    A. Results from a Host Search return information in an organized view by type, while a Host Timeline returns a view of all events recorded by the sensor

    B. A Host Timeline only includes process execution events and user account activity

    C. Results from a Host Timeline include process executions and related events organized by data type. A Host Search returns a temporal view of all events for the given host

    D. There is no difference - Host Search and Host Timeline are different names for the same search page

  • Question 9:

    You are notified by a third-party that a program may have redirected traffic to a malicious domain. Which Falcon page will assist you in searching for any domain request information related to this notice?

    A. Falcon X

    B. Investigate

    C. Discover

    D. Spotlight

  • Question 10:

    How does a DNSRequest event link to its responsible process?

    A. Via both its ContextProcessId_decimal and ParentProcessId_decimal fields

    B. Via its ParentProcessId_decimal field

    C. Via its ContextProcessId_decimal field

    D. Via its TargetProcessId_decimal field

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CrowdStrike exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CCFR-201 exam preparation and CrowdStrike certification application, do not hesitate to visit Vcedump.com to find your solutions.