CrowdStrike CCFR-201b Exam - Topic 5 Question 8 Discussion

Actual exam question for CrowdStrike's CCFR-201b exam

Question #: 8
Topic #: 5

You found a list of SHA256 hashes in an intelligence report and search for them using the Hash Execution Search. What can be determined from the results?

AIdentifies a detailed list of all process executions for the specified hashes

BIdentifies hosts that loaded or executed the specified hashes

CIdentifies users associated with the specified hashes

DIdentifies detections related to the specified hashes

Show Suggested Answer

Suggested Answer: B

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Hash Execution Search tool allows you to search for one or more SHA256 hashes and view a summary of information from Falcon events that contain those hashes1.The summary includes the hostname, sensor ID, OS, country, city, ISP, ASN, and geolocation of the host that loaded or executed those hashes1.You can also see a count of detections and incidents related to those hashes1.

by Dexter at Apr 08, 2026, 11:12 PM

Limited Time Offer

25%

2 months ago

I think the answer might be B, since it seems like it would show where those hashes were executed.

upvoted 0 times

...