CrowdStrike CCFR-201 - CrowdStrike Certified Falcon Responder Exam

Question #6 (Topic: Exam A)
When you configure and apply an IOA exclusion, what impact does it have on the host and what you see in the console?
A. The process specified is not sent to the Falcon Sandbox for analysis
B. The associated detection will be suppressed and the associated process would have been allowed to run
C. The sensor will stop sending events from the process specified in the regex pattern
D. The associated IOA will still generate a detection but the associated process would have been allowed to run
Answer: B
Question #7 (Topic: Exam A)
What are Event Actions?
A. Automated searches that can be used to pivot between related events and searches
B. Pivotable hyperlinks available in a Host Search
C. Custom event data queries bookmarked by the currently signed in Falcon user
D. Raw Falcon event data
Answer: B
Question #8 (Topic: Exam A)
Where are quarantined files stored on Windows hosts?
A. Windows\Quarantine
B. Windows\System32\Drivers\CrowdStrike\Quarantine
C. Windows\System32\
D. Windows\temp\Drivers\CrowdStrike\Quarantine
Answer: B
Question #9 (Topic: Exam A)
How long does detection data remain in the CrowdStrike Cloud before purging begins?
A. 90 Days
B. 45 Days
C. 30 Days
D. 14 Days
Answer: A
Question #10 (Topic: Exam A)
What is an advantage of using a Process Timeline?
A. Process related events can be filtered to display specific event types
B. Suspicious processes are color-coded based on their frequency and legitimacy over time
C. Processes responsible for spikes in CPU performance are displayed over time
D. A visual representation of Parent-Child and Sibling process relationships is provided
Answer: D
Total 60 questions