Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 3 Question 20 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 20
Topic #: 3
[All CCFR-201 Questions]

You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, when you quarantine a file from a host using IOC Management or Real Time Response (RTR), you are moving it from its original location to a secure location on the host where it cannot be executed2.The file is also encrypted and renamed with a random string of characters2.On Windows hosts, quarantined files are stored in C:WindowsSystem32DriversCrowdStrikeQuarantine folder2.


by Filiberto at Aug 03, 2024, 03:26 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Theola
1 months ago
Wait, is this one of those trick questions where the answer is 'all of the above'? *winks*
upvoted 0 times
...
Cornell
1 months ago
I bet the answer is C. Identifying the users associated with the hashes would be pretty interesting, don't you think? Although, who knows, maybe the tool can do some super-secret user-hash mind reading.
upvoted 0 times
...
Winfred
1 months ago
Option A sounds great, but I'm not sure if the tool can provide that level of detail. I'm going with B.
upvoted 0 times
...
Myra
2 months ago
Hmm, I was leaning towards option D. Identifying detections related to the hashes could be really useful in this scenario.
upvoted 0 times
Bobbye
23 days ago
Yes, option D seems like the most relevant choice for analyzing the list of SHA256 hashes.
upvoted 0 times
...
Yuette
1 months ago
I agree, knowing the detections related to the hashes can provide valuable insights into the potential threats.
upvoted 0 times
...
Dorsey
1 months ago
Option D is definitely a good choice. It can help us understand the detections related to the hashes.
upvoted 0 times
...
...
Tina
2 months ago
I think option B is the correct answer. The hash execution search should be able to identify the hosts that have executed the specified hashes.
upvoted 0 times
Jacquline
1 months ago
Yes, the hash execution search should be able to pinpoint the hosts that loaded or executed the specified hashes.
upvoted 0 times
...
Billy
2 months ago
I agree, option B seems like the most logical choice.
upvoted 0 times
...
...
Ronald
2 months ago
I'm not sure, but I think it could also be D) Identifies detections related to the specified hashes. That way we can see if any threats were detected.
upvoted 0 times
...
Lashawn
2 months ago
I agree with Katie. It makes sense that the search would show the hosts where the hashes were executed.
upvoted 0 times
...
Katie
2 months ago
I think the answer is B) Identifies hosts that loaded or executed the specified hashes.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77