When examining raw event data, what is the purpose of the field called ParentProcessld_decimal?
Answer(s): D
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the ParentProcessld_decimal field contains the decimal value of the process ID of the parent process that spawned or injected into the target process. This field can be used to trace the process lineage and identify malicious or suspicious activities.
What action is used when you want to save a prevention hash for later use?
Answer(s): A
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the Always Block action allows you to block a file from executing on any host in your organization based on its hash value. This action can be used to prevent known malicious files from running on your endpoints.
A list of managed and unmanaged neighbors for an endpoint can be found:
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, you can use the Hosts page in the Investigate tool to view information about your endpoints, such as hostname, IP address, OS, sensor version, etc. You can also see a list of managed and unmanaged neighbors for each endpoint, which are other devices that have communicated with that endpoint over the network. This can help you identify potential threats or vulnerabilities in your network.
What happens when a hash is allowlisted?
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the allowlist feature allows you to exclude files or directories from being scanned or blocked by CrowdStrike's machine learning engine or indicators of attack (IOAs)2. This can reduce false positives and improve performance. When you allowlist a hash, you are allowing that file to execute on any host that belongs to your organization's CID (customer ID)2. This does not affect other Falcon customers or hosts outside your CID2.
Which of the following is returned from the IP Search tool?
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the IP Search tool allows you to search for an IP address and view a summary of information from Falcon events that contain that IP address. The summary includes the hostname, sensor ID, OS, country, city, ISP, ASN, and geolocation of the host that communicated with that IP address.
Share your comments for CrowdStrike CCFR-201 exam with other users:
love the site.
can you please upload it back?
could you please re-upload this exam? thanks a lot!
great about shared quiz
goood helping
pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.
wish you would allow more free questions
great simulation
very g inood
q35 should be a
sap c_ts450_2021
nice questions
ecellent materil for unserstanding
good so far
this is way too informative
very helpfull
q.189 - answers are incorrect.
awesome job in getting these questions
i cant find aws certified practitioner clf-c01 exam in aws website but i found aws certified practitioner clf-c02 exam. can everyone please verify the difference between the two clf-c01 and clf-c02? thank you
grazie mille. i got a satisfactory mark in my exam test today because of this exam dumps. sorry for my english.
some of the answers are incorrect. need to be reviewed.
so far so good
i am really liking it
thanks good stuff
need dump c_tadm_23
next time i will write a full review
first time using this site
please sent me oracle 1z0-1105-22 pdf
very helpful
good info about oml
very useful to practice
this website is very helpful.
good content
so challenging
Keeping this site free takes real effort. We constantly battle automated scraping and unauthorized content copying. A quick account helps us protect the community and keep the site free.
To continue studying for your CCFR-201, please sign in or create a free account.