
CCFR-201b Exam Dumps - CrowdStrike CCFR Questions and Answers

Question # 24

If the Falcon sensor identifies suspicious behavioral patterns—such as a process attempting to dump memory from lsass.exe—what specific type of detection will be generated?

Options:

A. Indicator of Compromise (IOC)

B. Indicator of Attack (IOA)

C. Known Malware Alert

D. Intelligence Data Match

Question # 25

While reviewing the high-level organizational structure of a complex detection in the Falcon console, a responder identifies several layers of activity. Which of the following is NOT officially recognized as an Objective Layer within the CrowdStrike detection hierarchy?

Options:

A. Contact Controlled Systems

B. Lateral Movement

C. Gain Access

D. Follow Through

Question # 26

Which of the following statements about the 'Detection Activity' report is FALSE?

Options:

A. It provides a summary of all alerts over a selected time period.

B. It can be filtered by host name or severity.

C. Clicking on a ProcessID value within the report pivots to a pre-populated Event Search.

D. The report can be exported to a CSV file.

Question # 27

You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?

Options:

A. User logons after the detection

B. Executions of schtasks.exe after the detection

C. Scheduled tasks registered prior to the detection

D. Pivot to a Hash search for taskeng.exe

Question # 28

A responder needs to view a high-level overview of the environment's security posture. Where can they find the 'Activity Dashboard'?

Options:

A. Investigate > Activity Dashboard

B. Endpoint Security > Monitor > Activity Dashboard

C. Configuration > General > Activity Dashboard

D. Support > Analytics > Activity Dashboard

Question # 29

During the incident response process, a responder must update the status of a detection. Which of the following options is NOT a valid detection status recognized by the Falcon console?

Options:

A. New

B. Complete

C. In Progress

D. True Positive

Question # 30

When viewing the main 'Quarantine' dashboard to manage blocked files, which of the following pieces of information CANNOT be seen by default?

Options:

A. Filename

B. Host Name

C. Hash

D. Date Quarantined

Question # 31

When training a new team member on how to interpret Falcon telemetry, a senior responder explains the definition of a 'Tactic'. Which of the following sentences best captures the technical definition of a Tactic in this context?

Options:

A. It represents the specific software version or exploit code used to crash a service.

B. It is the adversary's tactical goal: the fundamental reason for performing a specific action.

C. It is the unique cryptographic hash associated with a malicious file discovered on disk.

D. It is the specific command-line string used to execute a PowerShell script.

Question # 32

A responder wants to include a visual representation of a process tree in an incident report. Which of the following is NOT a valid way to export process data from 'Full Detection Details'?

Options:

A. Process Tree > PNG

B. Process Tree > JPEG

C. Detection > CSV

D. Process Tree > JSON

Question # 33

When you configure and apply an IOA exclusion, what impact does it have on the host and what you see in the console?

Options:

A. The process specified is not sent to the Falcon Sandbox for analysis

B. The associated detection will be suppressed and the associated process would have been allowed to run

C. The sensor will stop sending events from the process specified in the regex pattern

D. The associated IOA will still generate a detection but the associated process would have been allowed to run

Exam Code: CCFR-201b
Exam Name: CrowdStrike Certified Falcon Responder
Last Update: Jul 5, 2026
Questions: 199