Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

What does pivoting to an Event Search from a detection do?

A.

It gives you the ability to search for similar events on other endpoints quickly

B.

It takes you to the raw Insight event data and provides you with a number of Event Actions

C.

It takes you to a Process Timeline for that detection so you can see all related events

D.

It allows you to input an event type, such as DNS Request or ASEP write, and search for those events within the detection

In the ' User Search - File Written ' section, a responder can see various files dropped by a user. Which of the following file types CANNOT be seen from this view?

A.

Scripts (.ps1, .sh)

B.

Executables (.exe)

C.

Executions (Process starts)

D.

Archive files (.zip, .7z)

A list of managed and unmanaged neighbors for an endpoint can be found:

A.

by using Hosts page in the Investigate tool

B.

by reviewing " Groups " in Host Management under the Hosts page

C.

under " Audit " by running Sensor Visibility Exclusions Audit

D.

only by searching event data using Event Search

In the ' Investigate > Hunt > Linux Sensors ' dashboard, responders can view various Linux-specific activities. Which of the following sub-titling is NOT displayed in this dashboard?

A.

Sudo Executions

B.

Cron Usage

C.

Kernel Module Loads

D.

User Logins

During the incident response process, a responder must update the status of a detection. Which of the following options is NOT a valid detection status recognized by the Falcon console?

A.

New

B.

Complete

C.

In Progress

D.

True Positive

What do IOA exclusions help you achieve?

A.

Reduce false positives based on Next-Gen Antivirus settings in the Prevention Policy

B.

Reduce false positives of behavioral detections from IOA based detections only

C.

Reduce false positives of behavioral detections from IOA based detections based on a file hash

D.

Reduce false positives of behavioral detections from Custom IOA and OverWatch detections only

A responder is unsure about the difference between ' Detection ' and ' Prevention ' settings. Where can they find information about Detection and Prevention Policies?

A.

On the public CrowdStrike blog.

B.

In the Support page under the Docs section.

C.

By clicking the ' About ' button in the user profile.

D.

In the training videos on the main Dashboard.

In the Falcon console, detections can be automated or manual. Which of the following options represents a manual detection?

A.

A detection triggered by the Machine Learning engine.

B.

A Falcon Overwatch-pushed detection.

C.

A detection based on a Custom IOA.

D.

A detection matched against a known Intelligence IOC.

When investigating system-level persistence, it is critical to know what the services.exe process is responsible for. What is its primary function?

A.

Managing user profiles and registry hives during login.

B.

Launching and managing the lifecycle of system services.

C.

Monitoring network traffic for potential data exfiltration.

D.

Providing a graphical interface for the Windows Task Manager.

During a targeted investigation into a potentially compromised internal administrative account, a responder utilizes the User Search functionality within the Investigate menu. The goal is to identify if the account was leveraged to drop or launch unauthorized binaries across multiple systems in the environment. Which specific data category is natively visible in the User Search results to facilitate this check?

A.

Registry Key Operations

B.

Network File Transfer ports

C.

Unique Executables Written and Process Executions

D.

BIOS and Hardware modification logs