Question 1

What happens when you open the full detection details?

Options :

A : The process explorer opens and the detection is removed from the console

B : The process explorer opens and you’re able to view the processes and process relationships

C : The process explorer opens and the detection copies to the clipboard

D : The process explorer opens and the Event Search query is run for the detection

Answer: B

Question 2

From the Detections page, how can you view 'in-progress' detections assigned to Falcon Analyst Alex?

Options :

A : Filter on 'Analyst: Alex'

B : Alex does not have the correct role permissions as a Falcon Analyst to be assigned detections

C : Filter on 'Hostname: Alex' and 'Status: In-Progress'

D : Filter on 'Status: In-Progress' and 'Assigned-to: Alex

Answer: D

Question 3

Which Executive Summary dashboard item indicates sensors running with unsupported versions?

Options :

A : Detections by Severity

B : Inactive Sensors

C : Sensors in RFM

D : Active Sensors

Answer: C

Question 4

From a detection, what is the fastest way to see children and sibling process information?

Options :

A : Select the Event Search option. Then from the Event Actions, select Show Associated Event Data (From TargetProcessId_decimal)

B : Select Full Detection Details from the detection

C : Right-click the process and select "Follow Process Chain"

D : Select the Process Timeline feature, enter the AID, Target Process ID, and Parent Process ID

Answer: C

Question 5

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

Options :

A : ParentProcessId_decimal and aid

B : ResponsibleProcessId_decimal and aid

C : ContextProcessId_decimal and aid

D : TargetProcessId_decimal and aid

Answer: B

Free CCFR-201b Mock Exam – Practice Online Confidently

Buying Options: