Free CCFR-201 Exam Dumps


  • Exam Code: CCFR-201
  • Exam Title: CrowdStrike Certified Falcon Responder
  • Vendor: CrowdStrike
  • Exam Questions: 60
  • Last Updated: March 9th,2026

Question 1

A list of managed and unmanaged neighbors for an endpoint can be found:

Correct Answer: A
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, you can use the Hosts page in the Investigate tool to view information about your endpoints, such as hostname, IP address, OS, sensor version, etc. You can also see a list of managed and unmanaged neighbors for each endpoint, which are other devices that have communicated with that endpoint over the network. This can help you identify potential threats or vulnerabilities in your network.

Question 2

Which is TRUE regarding a file released from quarantine?

Correct Answer: B
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, when you release a file from quarantine, you are restoring it to its original location and allowing it to execute on any host in your organization. This action also removes the file from the quarantine list and deletes it from the CrowdStrike Cloud.

Question 3

From the Detections page, how can you view 'in-progress' detections assigned to Falcon Analyst Alex?

Correct Answer: D
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the Detections page allows you to view and manage detections generated by the CrowdStrike Falcon platform. You can use various filters to narrow down the detections based on criteria such as status, severity, tactic, technique, etc. To view 'in-progress' detections assigned to Falcon Analyst Alex, you can filter on 'Status: In-Progress' and 'Assigned-to: Alex*'. The asterisk (*) is a wildcard that matches any characters after Alex.

Question 4

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?

Correct Answer: C
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the Falcon platform will show a maximum of 1000 detections per day for a single AID. This is a limit imposed by the Falcon API, which is used to retrieve the detections from the CrowdStrike Cloud. If there are more than 1000 detections per day for a single AID, only the first 1000 will be shown.

Question 5

What do IOA exclusions help you achieve?

Correct Answer: B
According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, IOA exclusions allow you to exclude files or directories from being detected or blocked by CrowdStrike's indicators of attack (IOAs), which are behavioral rules that identify malicious activities. This can reduce false positives and improve performance. IOA exclusions only apply to IOA-based detections, not other types of detections such as machine learning, custom IOA, or OverWatch.