CrowdStrike Exam CCFR-201 Topic 3 Question 20 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam

Question #: 20
Topic #: 3

You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?

AIdentifies a detailed list of all process executions for the specified hashes

BIdentifies hosts that loaded or executed the specified hashes

CIdentifies users associated with the specified hashes

DIdentifies detections related to the specified hashes

Show Suggested Answer

Suggested Answer: B

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, when you quarantine a file from a host using IOC Management or Real Time Response (RTR), you are moving it from its original location to a secure location on the host where it cannot be executed2.The file is also encrypted and renamed with a random string of characters2.On Windows hosts, quarantined files are stored in C:WindowsSystem32DriversCrowdStrikeQuarantine folder2.

by Filiberto at Aug 03, 2024, 03:26 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!