CrowdStrike CCFR-201b - CrowdStrike Certified Falcon Responder
When an organization needs to detect a specific behavior that is unique to their environment, they can create a Custom IOA. Which of the following is NOT required when configuring a custom IOA from scratch?
Detections in Falcon are classified by their origin. Which of the following is NOT a recognized type of detection?
How does a DNSRequest event link to its responsible process?
When reviewing CrowdScore Incidents, which of the following statements is INCORRECT?
After an investigation, the following malicious artifacts have been identified:
C:\Users*\AppData\iamnotmalware.exe
C:\Users*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iamnotmalware.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iamnotmalware_really
What method will remove all associated artifacts from hosts that trigger future related detections?
What happens when you open the full detection details?
When analyzing an executable with a global prevalence of common; but you do not know what the executable is. what is the best course of action?
The Process Activity View provides a rows-and-columns style view of the events generated in a detection. Why might this be helpful?
What types of events are returned by a Process Timeline?
What action is needed to ensure Falcon does not block or generate a detection for a process by using the file hash?
