CrowdStrike CCFR-201 CrowdStrike Certified Falcon Responder Exam Practice Test

Page: 1 / 14
Total 60 questions
Question 1

Which Executive Summary dashboard item indicates sensors running with unsupported versions?



Answer : C

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Executive Summary dashboard provides an overview of your sensor health and activity1.It includes various items, such as Active Sensors, Inactive Sensors, Detections by Severity, etc1.The item that indicates sensors running with unsupported versions is Sensors in RFM (Reduced Functionality Mode)1.RFM is a state where a sensor has limited functionality due to various reasons, such as license expiration, network issues, tampering attempts, or unsupported versions1.You can see the number and percentage of sensors in RFM and the reasons why they are in RFM1.


Question 2

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?



Answer : C

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, the Falcon platform will show a maximum of 1000 detections per day for a single AID1.This is a limit imposed by the Falcon API, which is used to retrieve the detections from the CrowdStrike Cloud1.If there are more than 1000 detections per day for a single AID, only the first 1000 will be shown1.


Question 3

Which of the following is NOT a filter available on the Detections page?



Answer : D

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, the Detections page allows you to view and manage detections generated by the CrowdStrike Falcon platform2.You can use various filters to narrow down the detections based on criteria such as severity, CrowdScore, time, tactic, technique, etc2.However, there is no filter for triggering file, which is the file that caused the detection2.


Question 4

What information is contained within a Process Timeline?



Answer : A

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Process Timeline tool allows you to view all cloudable events associated with a given process, such as process creation, network connections, file writes, registry modifications, etc1.You can specify a timeframe to limit the events to a certain period1.The tool works for any host platform, not just Mac or Linux1.


Question 5

You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?



Answer : B

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Hash Execution Search tool allows you to search for one or more SHA256 hashes and view a summary of information from Falcon events that contain those hashes1.The summary includes the hostname, sensor ID, OS, country, city, ISP, ASN, and geolocation of the host that loaded or executed those hashes1.You can also see a count of detections and incidents related to those hashes1.


Question 6

In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests. Registry Operations, and Network Operations?



Answer : D

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Full Detection Details tool allows you to view detailed information about a detection, such as detection ID, severity, tactic, technique, description, etc1.You can also view the events generated by the processes involved in the detection in different ways, such as process tree, process timeline, or process activity1.The process activity view provides a rows-and-columns style view of the events, such as DNS requests, registry operations, network operations, etc1.You can also export this view to a CSV file for further analysis1.


Question 7

When reviewing a Host Timeline, which of the following filters is available?



Answer : B

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Host Timeline tool allows you to view all events recorded by the sensor for a given host in a chronological order1.The events include process executions, file writes, registry modifications, network connections, user logins, etc1.You can use various filters to narrow down the events based on criteria such as event type, timestamp range, file name, registry key, network destination, etc1.However, there is no filter for severity, user name, or detection ID, as these are not attributes of the events1.


Page:    1 / 14   
Total 60 questions