Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 3 Question 20 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 20
Topic #: 3
[All CCFR-201 Questions]

You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to theCrowdStrike Falcon Data Replicator (FDR) Add-on for Splunk Guide, when you quarantine a file from a host using IOC Management or Real Time Response (RTR), you are moving it from its original location to a secure location on the host where it cannot be executed2.The file is also encrypted and renamed with a random string of characters2.On Windows hosts, quarantined files are stored in C:WindowsSystem32DriversCrowdStrikeQuarantine folder2.


by Filiberto at Aug 03, 2024, 03:26 PM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Theola
3 months ago
Wait, is this one of those trick questions where the answer is 'all of the above'? *winks*
upvoted 0 times
...
Cornell
3 months ago
I bet the answer is C. Identifying the users associated with the hashes would be pretty interesting, don't you think? Although, who knows, maybe the tool can do some super-secret user-hash mind reading.
upvoted 0 times
...
Winfred
3 months ago
Option A sounds great, but I'm not sure if the tool can provide that level of detail. I'm going with B.
upvoted 0 times
Rima
1 months ago
Yeah, B is a good choice. It gives us a clear idea of where the hashes were executed.
upvoted 0 times
...
Brittney
1 months ago
I agree, B seems like the most practical choice. It's important to know which hosts are involved.
upvoted 0 times
...
Odette
2 months ago
I think B is the best option. It can help us identify hosts that loaded or executed the hashes.
upvoted 0 times
...
...
Myra
3 months ago
Hmm, I was leaning towards option D. Identifying detections related to the hashes could be really useful in this scenario.
upvoted 0 times
Bobbye
2 months ago
Yes, option D seems like the most relevant choice for analyzing the list of SHA256 hashes.
upvoted 0 times
...
Yuette
3 months ago
I agree, knowing the detections related to the hashes can provide valuable insights into the potential threats.
upvoted 0 times
...
Dorsey
3 months ago
Option D is definitely a good choice. It can help us understand the detections related to the hashes.
upvoted 0 times
...
...
Tina
4 months ago
I think option B is the correct answer. The hash execution search should be able to identify the hosts that have executed the specified hashes.
upvoted 0 times
Jacquline
3 months ago
Yes, the hash execution search should be able to pinpoint the hosts that loaded or executed the specified hashes.
upvoted 0 times
...
Billy
3 months ago
I agree, option B seems like the most logical choice.
upvoted 0 times
...
...
Ronald
4 months ago
I'm not sure, but I think it could also be D) Identifies detections related to the specified hashes. That way we can see if any threats were detected.
upvoted 0 times
...
Lashawn
4 months ago
I agree with Katie. It makes sense that the search would show the hosts where the hashes were executed.
upvoted 0 times
...
Katie
4 months ago
I think the answer is B) Identifies hosts that loaded or executed the specified hashes.
upvoted 0 times
...

Save Cancel