Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

What happens when a quarantined file is released?

A.

It is moved into theC:\CrowdStrike\Quarantine\Releasedfolder on the host

B.

It is allowed to execute on the host

C.

It is deleted

D.

It is allowed to execute on all hosts

When examining raw event data, what is the purpose of the field called ParentProcessld_decimal?

A.

It contains an internal value not useful for an investigation

B.

It contains the TargetProcessld_decimal value of the child process

C.

It contains the Sensorld_decimal value for related events

D.

It contains the TargetProcessld_decimal of the parent process

You are reviewing the raw data in an event search from a detection tree. You find a FileOpenlnfo event and want to find out if any other files were opened by the responsible process. Which two field values do you need from this event to perform a Process Timeline search?

A.

ParentProcessld_decimal and aid

B.

ResponsibleProcessld_decimal and aid

C.

ContextProcessld_decimal and aid

D.

TargetProcessld_decimal and aid

Which is TRUE regarding a file released from quarantine?

A.

No executions are allowed for 14 days after release

B.

It is allowed to execute on all hosts

C.

It is deleted

D.

It will not generate future machine learning detections on the associated host

What are Event Actions?

A.

Automated searches that can be used to pivot between related events and searches

B.

Pivotable hyperlinks available in a Host Search

C.

Custom event data queries bookmarked by the currently signed in Falcon user

D.

Raw Falcon event data

A list of managed and unmanaged neighbors for an endpoint can be found:

A.

by using Hosts page in the Investigate tool

B.

by reviewing "Groups" in Host Management under the Hosts page

C.

under "Audit" by running Sensor Visibility Exclusions Audit

D.

only by searching event data using Event Search

You receive an email from a third-party vendor that one of their services is compromised,thevendor names a specific IP address that the compromised service was using. Where would you input this indicator to find any activity related to this IP address?

A.

IP Addresses

B.

Remote or Network Logon Activity

C.

Remote Access Graph

D.

Hash Executions

You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?

A.

User logons after the detection

B.

Executions of schtasks.exe after the detection

C.

Scheduled tasks registered prior to the detection

D.

Pivot to a Hash search for taskeng.exe