Exam CCFR-201 topic 1 question 46 discussion

Actual exam question from CrowdStrike's CCFR-201
Question #: 46
Topic #: 1

When analyzing an executable with a global prevalence of common, but you do not know what the executable is, what is the best course of action?

  • A. Do nothing, as this file is common and well known
  • B. From detection, click the VT Hash button to pivot to VirusTotal to investigate further
  • C. From detection, use API manager to create a custom blocklist
  • D. From detection, submit to FalconX for deep dive analysis
Suggested Answer: B

Comments

Andr3yas
1 month, 2 weeks ago
Selected Answer: B
Global prevalence is a field that indicates how frequently the hash of a file is seen across all CrowdStrike customer environments. A global prevalence of common means that the file is widely distributed and likely benign. However, if you do not know what the executable is, you may want to investigate it further to confirm its legitimacy and functionality. One way to do that is to click the VT Hash button from the detection, which will pivot you to VirusTotal, a service that analyzes files and URLs for viruses, malware, and other threats. You can then see more information about the file, such as its name, size, type, signatures, detections, comments, etc.
upvoted 1 times
...
alanalanalan
3 months, 2 weeks ago
Selected Answer: B
Answer is B, check with the VT.
upvoted 2 times
...
silva222222
3 months, 2 weeks ago
Selected Answer: B
The best course of action when analyzing an executable with a global prevalence of "common" but unknown functionality is: B. From detection, click the VT Hash button to pivot to VirusTotal to investigate further
upvoted 2 times
...
kangaru
7 months ago
Selected Answer: B
You don't know what the hash corresponds to, then look in VT. It provides you all details of the hash together with its reputation.
upvoted 2 times
...
sbag0024
7 months, 1 week ago
Selected Answer: B
Going with B on this one. It is an option when looking at Full detection details.
upvoted 1 times
...
sbag0024
7 months, 1 week ago
Going with B on this one. It is an option when looking at Full detection details.
upvoted 2 times
...
Aicha78
8 months, 2 weeks ago
B is correct
upvoted 1 times
...
wildbandana
8 months, 4 weeks ago
Selected Answer: C
100% sure
upvoted 1 times
...