Question 1

What happens when you open the full detection details?

Options :

A : The process explorer opens and the detection is removed from the console

B : The process explorer opens and you’re able to view the processes and process relationships

C : The process explorer opens and the detection copies to the clipboard

D : The process explorer opens and the Event Search query is run for the detection

Answer: B

Question 2

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenInfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

Options :

A : ParentProcessId_decimal and aid

B : ResponsibleProcessId_decimal and aid

C : ContextProcessId_decimal and aid

D : TargetProcessId_decimal and aid

Answer: B

Question 3

You can jump to a Process Timeline from many views, like a Hash Search, by clicking which of the following?

Options :

A : ProcessTimeline Link

B : PID

C : UTC time

D : Process ID or Parent Process ID

Answer: B

Question 4

What do IOA exclusions help you achieve?

Options :

A : Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy

B : Reduce false positives of behavioral detections from IOA based detections only

C : Reduce false positives of behavioral detections from IOA based detections based on a file hash

D : Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

Answer: B

Question 5

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?

Options :

A : 500

B : 750

C : 1000

D : 1200

Answer: C

Higher Test Marks with Free Online CCFR-201b Exam Practice

Buying Options: