Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 1 Question 16 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 16
Topic #: 1
[All CCFR-201 Questions]

Within the MITRE-Based Falcon Detections Framework, what is the correct way to interpret Keep Access > Persistence > Create Account?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, when you quarantine a file from a host using IOC Management or Real Time Response (RTR), you are moving it from its original location to a secure location on the host where it cannot be executed2.The file is also encrypted and renamed with a random string of characters2.On Windows hosts, quarantined files are stored in C:WindowsSystem32DriversCrowdStrikeQuarantine folder2.


by Justine at Jun 21, 2024, 06:01 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Mee
1 days ago
I think the correct way to interpret Keep Access > Persistence > Create Account is option A.
upvoted 0 times
...

Save Cancel