Free CrowdStrike CCFR-201b Exam Dumps Questions & Answers

How long are quarantined files stored on the host?

• A.  Quarantined files are never deleted from the host
• B.  45 Days
• C.  30 Days
• D.  90 Days

An adversary is attempting to disable security features by modifying the system registry. Which of the following native Windows processes is specifically designed to create, modify, and delete Registry keys via the command line?

• A.  taskmgr.exe
• B.  svchost.exe
• C.  reg.exe
• D.  lsass.exe

Which of the following is NOT a valid event type?

• A.  ProcessRollup2
• B.  EndofProcess
• C.  StartofProcess
• D.  DnsRequest

After running an Event Search, you can select many Event Actions depending on your results. Which of the following is NOT an option for any Event Action?

• A.  Draw Process Explorer
• B.  Show a +/- 10-minute window of events
• C.  Show a Process Timeline for the responsible process
• D.  Show Associated Event Data (from TargetProcessld_decimal or ContextProcessld_decimal)

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenlnfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

• A.  ResponsibleProcessld_decimal and aid
• B.  TargetProcessld_decimal and aid
• C.  ParentProcessld_decimal and aid
• D.  ContextProcessld_decimal and aid