
CCFR-201b Exam Dumps - CrowdStrike CCFR Questions and Answers

Question # 34

CrowdScore is a metric used to identify the severity of an ongoing incident. What percentage of increase in a CrowdScore is considered a strong indication of a coordinated attack?

Options:

A. 10%
B. 20%
C. 50%
D. 100%

Question # 35

Refer to the image.

In the Full Detection View while viewing the Process Tree you see an attack outlined as in the image above.

Based on what you see, what happened during the attack?

Options:

A. The attacker launched a command prompt, renamed binaries, executed malware, and prepared exfiltration
B. The attacker launched a command prompt to establish a reverse shell to grant remote code execution capabilities
C. The attacker executed malware, renamed binaries, prepared exfiltration, and deleted backups to prevent recovery
D. The attacker launched a command prompt, enumerated the host, created persistence, and deleted backups to prevent recovery

Question # 36

When a responder chooses to 'Release' a file from quarantine because it was determined to be a false positive, what type of allowlist is automatically created in the background?

Options:

A. Filename-based allowlist
B. Hash-based allowlist
C. Path-based allowlist
D. Command-line allowlist

Question # 37

The Bulk Domain Search tool contains Domain information along with which of the following?

Options:

A. Process Information
B. Port Information
C. IP Lookup Information
D. Threat Actor Information

Question # 38

A responder is using 'Host Search' to gather baseline data on a machine. Which of the following pieces of information is NOT provided by the Host Search results?

Options:

A. List of running services and drivers.
B. Macro Execution History for Microsoft Office products.
C. Recent network connections and IP addresses.
D. List of local user accounts and administrators.

Question # 39

How does a DNSRequest event link to its responsible process?

Options:

A. Via both its ContextProcessId_decimal and ParentProcessId_decimal fields
B. Via its ParentProcessId_decimal field
C. Via its ContextProcessId_decimal field
D. Via its TargetProcessId_decimal field

Question # 40

You can jump to a Process Timeline from many views, like a Hash Search, by clicking which of the following?

Options:

A. ProcessTimeline Link
B. PID
C. UTCtime
D. Process ID or Parent Process ID

Question # 41

What is the difference between a Host Search and a Host Timeline?

Options:

A. Results from a Host Search return information in an organized view by type, while a Host Timeline returns a view of all events recorded by the sensor
B. A Host Timeline only includes process execution events and user account activity
C. Results from a Host Timeline include process executions and related events organized by data type. A Host Search returns a temporal view of all events for the given host
D. There is no difference - Host Search and Host Timeline are different names for the same search page

Question # 42

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

Options:

A. ParentProcessId_decimal and aid
B. ResponsibleProcessId_decimal and aid
C. ContextProcessId_decimal and aid
D. TargetProcessId_decimal and aid

Question # 43

When examining a detection process tree, several fields are provided to give context. Which of the following is NOT included in the standard fields of a detection process tree?

Options:

A. Command Line
B. User Name
C. HTTP Post contents
D. SHA256 Hash

Exam Code: CCFR-201b
Exam Name: CrowdStrike Certified Falcon Responder
Last Update: Jul 5, 2026
Questions: 199