Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

Home Exams Contribute Leaderboard Login

Loading questions...

info@examcademy.com

Features

Contribute Questions Leaderboard

Community

Discord

YouTube

Legal

ExamCademy is not affiliated with or endorsed by any certification providers. All trademarks are the property of their respective owners.

CCFR-201 by CrowdStrike - Page 1 | ExamCademy | ExamCademy

Exams
CrowdStrike
CCFR-201

CCFR-201Preview

By CrowdStrike

Updated

25Q per page

Mode Selection

Question 1

Question 2

Question 3

What action is used when you want to save a prevention hash for later use?

A Always Block
B Never Block
C Always Allow
D No Action

Question 4

You receive an email from a third-party vendor that one of their services is compromised, the vendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?

A IP Addresses
B Remote or Network Logon Activity
C Remote Access Graph
D Hash Executions

Question 5

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

A ParentProcessId_decimal and aid
B ResponsibleProcessId_decimal and aid
C ContextProcessId_decimal and aid
D TargetProcessId_decimal and aid

Question 6

How long are quarantined files stored in the CrowdStrike Cloud?

A 45 Days
B 90 Days
C 30 Days
D Quarantined files are not deleted

Question 7

You are notified by a third-party that a program may have redirected traffic to a malicious domain. Which Falcon page will assist you in searching for any domain request information related to this notice?

A Falcon X
B Investigate
C Discover
D Spotlight

Question 8

What information is contained within a Process Timeline?

A All cloudable process-related events within a given timeframe
B All cloudable events for a specific host
C Only detection process-related events within a given timeframe
D A view of activities on Mac or Linux hosts

Question 9

Sensor Visibility Exclusion patterns are written in which syntax?

A Glob Syntax
B Kleene Star Syntax
C RegEx
D SPL (Splunk)

Question 10

In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests. Registry Operations, and Network Operations?

A The data is unable to be exported
B View as Process Tree
C View as Process Timeline
D View as Process Activity

Question 11

What happens when a quarantined file is released?

A It is moved into the C:\CrowdStrike\Quarantine\Released folder on the host
B It is allowed to execute on the host
C It is deleted
D It is allowed to execute on all hosts

Question 12

When reviewing a Host Timeline, which of the following filters is available?

A Severity
B Event Types
C User Name
D Detection ID

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Page 1 of 3 • Questions 1-25 of 60

1 2 3

→

Know a question that should be here? Contribute to this exam

Where can you find hosts that are in Reduced Functionality Mode?

A Event Search
B Executive Summary dashboard
C Host Search
D Installation Tokens

What is an advantage of using a Process Timeline?

A Process related events can be filtered to display specific event types
B Suspicious processes are color-coded based on their frequency and legitimacy over time
C Processes responsible for spikes in CPU performance are displayed over time
D A visual representation of Parent-Child and Sibling process relationships is provided