CCFR-201 Actual Exam Questions

Last updated on Jan. 2, 2025.
Vendor: CrowdStrike
Exam Code: CCFR-201
Exam Name: CrowdStrike Certified Falcon Responder
Exam Questions: 60

Topic 1 - Exam A

Question #1 Topic 1

Where can you find hosts that are in Reduced Functionality Mode?

  • A. Event Search
  • B. Executive Summary dashboard
  • C. Host Search
  • D. Installation Tokens

Correct Answer: B

Question #2 Topic 1

When reviewing a Host Timeline, which of the following filters is available?

  • A. Severity
  • B. Event Types
  • C. User Name
  • D. Detection ID

Correct Answer: B

Question #3 Topic 1

How does a DNSRequest event link to its responsible process?

  • A. Via both its ContextProcessId_decimal and ParentProcessId_decimal fields
  • B. Via its ParentProcessId_decimal field
  • C. Via its ContextProcessId_decimal field
  • D. Via its TargetProcessId_decimal field

Correct Answer: C

Question #4 Topic 1

What information does the MITRE ATT&CK Framework provide?

  • A. It provides best practices for different cybersecurity domains, such as Identity and Access Management
  • B. It provides a step-by-step cyber incident response strategy
  • C. It provides the phases of an adversary's lifecycle, the platforms they are known to attack, and the specific methods they use
  • D. It is a system that attributes attack techniques to a specific threat actor

Correct Answer: C
