Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

CCFR-201Free trial

By crowdstrike

Verified

25Q per page

Question 1

Where can you find hosts that are in Reduced Functionality Mode?

A: Event Search
B: Executive Summary dashboard
C: Host Search
D: Installation Tokens

—

Question 2

What is an advantage of using a Process Timeline?

A: Process related events can be filtered to display specific event types
B: Suspicious processes are color-coded based on their frequency and legitimacy over time
C: Processes responsible for spikes in CPU performance are displayed over time
D: A visual representation of Parent-Child and Sibling process relationships is provided

—

Question 3

What action is used when you want to save a prevention hash for later use?

A: Always Block
B: Never Block
C: Always Allow
D: No Action

—

Question 4

You receive an email from a third-party vendor that one of their services is compromised, the vendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?

A: IP Addresses
B: Remote or Network Logon Activity
C: Remote Access Graph
D: Hash Executions

—

Question 5

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

A: ParentProcessId_decimal and aid
B: ResponsibleProcessId_decimal and aid
C: ContextProcessId_decimal and aid
D: TargetProcessId_decimal and aid

—

Question 6

How long are quarantined files stored in the CrowdStrike Cloud?

A: 45 Days
B: 90 Days
C: 30 Days
D: Quarantined files are not deleted

—

Question 7

You are notified by a third-party that a program may have redirected traffic to a malicious domain. Which Falcon page will assist you in searching for any domain request information related to this notice?

A: Falcon X
B: Investigate
C: Discover
D: Spotlight

—

Question 8

What information is contained within a Process Timeline?

A: All cloudable process-related events within a given timeframe
B: All cloudable events for a specific host
C: Only detection process-related events within a given timeframe
D: A view of activities on Mac or Linux hosts

—

Question 9

Sensor Visibility Exclusion patterns are written in which syntax?

A: Glob Syntax
B: Kleene Star Syntax
C: RegEx
D: SPL (Splunk)

—

Question 10

In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests. Registry Operations, and Network Operations?

A: The data is unable to be exported
B: View as Process Tree
C: View as Process Timeline
D: View as Process Activity

—

Question 11

What happens when a quarantined file is released?

A: It is moved into the C:\CrowdStrike\Quarantine\Released folder on the host
B: It is allowed to execute on the host
C: It is deleted
D: It is allowed to execute on all hosts

—

Question 12

When reviewing a Host Timeline, which of the following filters is available?

A: Severity
B: Event Types
C: User Name
D: Detection ID

—

That’s the end of your free questions

You’ve reached the preview limit for CCFR-201

Consider upgrading to gain full access!

Page 1 of 3 • Questions 1-25 of 60

1 2 3

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!