What action is used when you want to save a prevention hash for later use?
You receive an email from a third-party vendor stating that one of their services is compromised. The vendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?
You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?
How long are quarantined files stored in the CrowdStrike Cloud?
You are notified by a third party that a program may have redirected traffic to a malicious domain. Which Falcon page will assist you in searching for any domain request information related to this notice?
What information is contained within a Process Timeline?
Sensor Visibility Exclusion patterns are written in which syntax?
In the "Full Detection Details", which view will provide an exportable text listing of events like DNS requests, Registry Operations, and Network Operations?
What happens when a quarantined file is released?
When reviewing a Host Timeline, which of the following filters is available?
Where can you find hosts that are in Reduced Functionality Mode?
What is an advantage of using a Process Timeline?