Smartly Prepare Exam with Free Online CCFR-201b Practice Test

We offer the latest CCFR-201b practice test designed for free and effective online CrowdStrike Certified Falcon Responder - 2024 Version certification preparation. It's a simulation of the real CCFR-201b exam experience, built to help you understand the structure, complexity, and topics you'll face on exam day.

Question 1

Which Executive Summary dashboard item indicates sensors running with unsupported versions?

Options :

A : Detections by Severity

B : Inactive Sensors

C : Sensors in RFM

D : Active Sensors

Answer: C

Question 2

What happens when you open the full detection details?

Options :

A : The process explorer opens and the detection is removed from the console

B : The process explorer opens and you’re able to view the processes and process relationships

C : The process explorer opens and the detection copies to the clipboard

D : The process explorer opens and the Event Search query is run for the detection

Answer: B

Question 3

A list of managed and unmanaged neighbors for an endpoint can be found:

Options :

A : by using Hosts page in the Investigate tool

B : by reviewing "Groups" in Host Management under the Hosts page

C : under "Audit" by running Sensor Visibility Exclusions Audit

D : only by searching event data using Event Search

Answer: A

Question 4

Where can you find hosts that are in Reduced Functionality Mode?

Options :

A : Event Search

B : Executive Summary dashboard

C : Host Search

D : Installation Tokens

Answer: C

Question 5

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

Options :

A : ParentProcessId_decimal and aid

B : ResponsibleProcessId_decimal and aid

C : ContextProcessId_decimal and aid

D : TargetProcessId_decimal and aid

Answer: B