Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 1 Question 16 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 16
Topic #: 1
[All CCFR-201 Questions]

Within the MITRE-Based Falcon Detections Framework, what is the correct way to interpret Keep Access > Persistence > Create Account?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, when you quarantine a file from a host using IOC Management or Real Time Response (RTR), you are moving it from its original location to a secure location on the host where it cannot be executed2.The file is also encrypted and renamed with a random string of characters2.On Windows hosts, quarantined files are stored in C:WindowsSystem32DriversCrowdStrikeQuarantine folder2.


by Justine at Jun 21, 2024, 06:01 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Georgene
2 months ago
Well, at least the adversary is being polite and 'keeping access' rather than just barging in. Gotta love those courteous hackers!
upvoted 0 times
Johnson
1 months ago
D) adversary is trying to keep access through persistence using application skimming
upvoted 0 times
...
Alease
1 months ago
That's one way to look at it!
upvoted 0 times
...
Delbert
1 months ago
C) An adversary is trying to keep access through persistence using external remote services
upvoted 0 times
...
Rebecka
2 months ago
A) An adversary is trying to keep access through persistence by creating an account
upvoted 0 times
...
...
Kris
2 months ago
Hmm, 'application skimming' doesn't really fit the description. I'd say A is the way to go on this one.
upvoted 0 times
Ling
1 months ago
Yeah, A makes the most sense in this context.
upvoted 0 times
...
Denise
1 months ago
I agree, A seems like the most accurate interpretation.
upvoted 0 times
...
...
Julio
2 months ago
C seems plausible, but the question specifically mentions 'Create Account', so I believe A is the right answer here.
upvoted 0 times
...
Laura
2 months ago
I don't think B is correct. Browser extensions are not the same as creating an account for persistence.
upvoted 0 times
Mirta
1 months ago
D) adversary is trying to keep access through persistence using application skimming
upvoted 0 times
...
Ellen
1 months ago
I agree, creating an account is different from using external remote services for persistence.
upvoted 0 times
...
Rosio
2 months ago
C) An adversary is trying to keep access through persistence using external remote services
upvoted 0 times
...
Cammy
2 months ago
A) An adversary is trying to keep access through persistence by creating an account
upvoted 0 times
...
...
Ludivina
2 months ago
I'm not sure, but I think option C could also be a possibility since external remote services can also help with persistence.
upvoted 0 times
...
Coral
2 months ago
The correct answer is A. The MITRE-Based Falcon Detections Framework clearly indicates that 'Keep Access > Persistence > Create Account' means the adversary is trying to maintain their access through persistence by creating an account.
upvoted 0 times
...
Celestina
2 months ago
I agree with Mee, option A makes sense because creating an account can help the adversary maintain access.
upvoted 0 times
...
Mee
2 months ago
I think the correct way to interpret Keep Access > Persistence > Create Account is option A.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77