CrowdStrike CCFR-201b - CrowdStrike Certified Falcon Responder
In the Falcon Overwatch Best Practice workflow, at what specific point is a responder encouraged to utilize OSINT (Open Source Intelligence) searches?
During an advanced hunting session, a responder is writing a custom query in the Event Search tool to track the lineage of a suspicious process. They notice a field labeled TargetProcessId_decimal. Which of the following sentences accurately describes the technical significance of this value within the CrowdStrike telemetry ecosystem?
What happens when a hash is allowlisted?
If a file has a prevalence of ' Local: Low ' and ' Global: High ' , what does this typically indicate to a responder?
A responder is focused on a specific malicious script and wants to see everything that the script ' s process did. Which timeline is the best tool for this task?
A responder needs to find a specific sequence of network connections that did not trigger a detection. Which search tool allows them to search for anything within the raw telemetry?
What information is contained within a Process Timeline?
The ' Detection Resolutions ' dashboard helps track team performance. Which of the following CANNOT be seen from this dashboard?
A security responder is investigating a detection where a low-privileged process attempted to manipulate a system token to gain administrative rights. Within the specific terminology used by the Falcon console, ' Privilege Escalation ' is classified as a:
Which specific event type in the Falcon telemetry is associated with the creation of a new ' TargetProcessId_decimal ' ?
