Latest CrowdStrike Certified Falcon Responder - CCFR-201b Free Sample Questions
Question 1
To manage the lifecycle of security incidents and review new alerts, a responder must navigate through the Falcon sidebar to which specific location?
Answer: C
Question 2
Which is TRUE regarding a file released from quarantine?
Answer: D
Question 3
An analyst is triaging a detection that has been categorized under the 'Follow Through' Objective Layer.
Based on the Falcon technical documentation, which of the following adversary tactics is most likely to be observed within this specific layer?
Answer: A
Question 4
While examining the 'Process Details' sidebar of a detection, a responder sees the following icons: "25 Network Operations" and "277 Disk Operations". What does this contextual data represent?
Answer: A
Question 5
In the "Full Detection Details", which view will provide an exportable text listing of events like DNS Requests, Registry Operations, and Network Operations?
Answer: A
Question 6
Where can you find hosts that are in Reduced Functionality Mode?
Answer: B
Question 7
Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?
Answer: C
Question 8
What is the difference between a Host Search and a Host Timeline?
Answer: D
Question 9
CrowdScore is a metric used to identify the severity of an ongoing incident. What percentage of increase in a CrowdScore is considered a strong indication of a coordinated attack?
Answer: D
Question 10
Administrators can define their own criteria for alerts. Which of the following is an example of a custom detection within the Falcon platform?
Answer: B
Question 11
Host Search is a powerful investigation tool. From which of the following sources is a responder most likely to pivot directly to a Host Search?
Answer: D
Question 12
When viewing the main 'Quarantine' dashboard to manage blocked files, which of the following pieces of information CANNOT be seen by default?
Answer: B
Question 13
If a local administrator needs to inspect the quarantine directory directly on a machine, where are quarantine files located on a Windows Endpoint?
Answer: C
Question 14
Which of the following subtitles/sub-views cannot be seen in the results of a 'Hash Search'?
Answer: B
Question 15
Which of the following is NOT a valid event type?
Answer: A