CrowdStrike Certified Falcon Responder - CCFR-201b: Free Practice Dump Questions

CrowdStrike implements a specific framework within the Falcon console to help responders categorize detections based on the adversary's ultimate goals and the technical means used to achieve them. This classification system, which maps activity to known industry standards, is known as the:

Answer: A
An analyst needs to perform local sandbox analysis on a malicious file. When they download a quarantined file from the Falcon UI, what is the file format and the default password?

Answer: C
Filtering is essential for managing a high volume of alerts. Which of the following filters is available by default within the 'Endpoint Detections' dashboard to help narrow down specific threats?

Answer: B
Which is TRUE regarding a file released from quarantine?

Answer: C
The Falcon sensor is designed to provide deep visibility into endpoint activity, yet it is not omniscient.
According to the Cyber Kill Chain model, which of the following stages does the Falcon sensor typically NOT have visibility over?

Answer: B
The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?

Answer: C
Falcon limits the number of detections displayed to prevent the UI from becoming overwhelmed. How many detections are displayed per day per Agent ID (AID)?

Answer: B
How are processes on the same plane ordered (bottom 'VMTOOLSD.EXE' to top 'CMD.EXE')?

Answer: B
When navigating the main 'Detections' page, several filters are available in the dropdown menu. Which of the following is NOT a filter available in this menu?

Answer: C
Filtering the 'Detection Activity' report is useful for identifying specific threats. Which of the following filters cannot be used on 'Detection Activity'?

Answer: D
