
CCFR-201b Exam Dumps - CrowdStrike CCFR Questions and Answers

Question # 14

When investigating system-level persistence, it is critical to know what the services.exe process is responsible for. What is its primary function?

Options:

A. Managing user profiles and registry hives during login.

B. Launching and managing the lifecycle of system services.

C. Monitoring network traffic for potential data exfiltration.

D. Providing a graphical interface for the Windows Task Manager.

Question # 15

What information does the MITRE ATT&CK Framework provide?

Options:

A. It provides best practices for different cybersecurity domains, such as Identity and Access Management

B. It provides a step-by-step cyber incident response strategy

C. It provides the phases of an adversary's lifecycle, the platforms they are known to attack, and the specific methods they use

D. It is a system that attributes attack techniques to a specific threat actor

Question # 16

Which of the following statements about the 'Hash Search' (Single Search) is TRUE?

Options:

A. It can search for both files and registry keys simultaneously.

B. It identifies the geographical location of the file's creator.

C. The 'Hash Written History' section is only available for SHA256 hashes.

D. It is primarily used to isolate a host from the network.

Question # 17

A security responder is investigating a detection where a low-privileged process attempted to manipulate a system token to gain administrative rights. Within the specific terminology used by the Falcon console, 'Privilege Escalation' is classified as a:

Options:

A. Technique

B. Tactic

C. Objective

D. Indicator

Question # 18

When an analyst is trying to pinpoint the exact moment an endpoint came online after being shut down for the weekend, which timeline view is the best to use?

Options:

A. Process Timeline

B. Host Timeline

C. User Timeline

D. Network Timeline

Question # 19

The MITRE-Based Falcon Detections Framework is a core component of the Falcon UI. What is the primary operational advantage provided by this framework to a Tier 1 responder?

Options:

A. It allows for the automated decryption of files affected by ransomware.

B. It provides a standardized view of the attack lifecycle to help understand adversary behavior.

C. It enables the sensor to block kernel-level drivers from unknown publishers.

D. It provides a real-time count of the total number of files on the endpoint.

Question # 20

What action is needed to ensure Falcon does not block or generate a detection for a process by using the file hash?

Options:

A. Create a Custom IOC with an action of allow for the hash

B. Create a Machine Learning Exclusion with an action of allow for the hash

C. Create a Custom IOA with an action of allow for the hash

D. Create an IOA Exclusion with an action of allow for the hash

Question # 21

The Falcon console is divided into several modules. Timelines (Host and Process) are technically a part of which Falcon page?

Options:

A. Activity

B. Investigate

C. Configuration

D. Dashboards

Question # 22

What happens when a hash is set to Always Block through IOC Management?

Options:

A. Execution is prevented on all hosts by default

B. Execution is prevented on selected host groups

C. Execution is prevented and detection alerts are suppressed

D. The hash is submitted for approval to be blocked from execution once confirmed by Falcon specialists

Question # 23

Where can you find hosts that are in Reduced Functionality Mode?

Options:

A. Event Search

B. Executive Summary dashboard

C. Host Search

D. Installation Tokens

Exam Code: CCFR-201b
Exam Name: CrowdStrike Certified Falcon Responder
Last Update: Jul 5, 2026
Questions: 199