When examining raw event data, what is the purpose of the field called ParentProcessId_decimal?
A. It contains an internal value not useful for an investigation
B. It contains the TargetProcessId_decimal value of the child process
C. It contains the SensorId_decimal value for related events
D. It contains the TargetProcessId_decimal of...
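The join this question is getting at, shown as an added example that is not part of the original page or CrowdStrike's own tooling: in Falcon process events, a child's ParentProcessId_decimal holds the TargetProcessId_decimal of its parent, so you rebuild a process tree by matching those two fields within the same aid (the ids are only unique per sensor). The events below are constructed sample data in the shape of ProcessRollup2 records, and the helper names (index_by_pid, ancestry, children_of) are this example's own.

```python
"""Added example: linking Falcon process events by
ParentProcessId_decimal -> TargetProcessId_decimal, scoped by aid.
The events are constructed sample data, not real telemetry.
"""
from typing import Dict, List, Optional, Tuple

Event = Dict[str, str]
Key = Tuple[str, str]  # (aid, TargetProcessId_decimal)


def _mk(aid: str, tpid: str, ppid: str, name: str, cmd: str) -> Event:
    return {"aid": aid, "event_simpleName": "ProcessRollup2",
            "TargetProcessId_decimal": tpid, "ParentProcessId_decimal": ppid,
            "FileName": name, "CommandLine": cmd}


# Constructed sample events. Field names follow the Event Search schema; values
# are made up. Note that host a2 reuses TargetProcessId_decimal 102, so any join
# that ignores aid would wrongly attach notepad.exe to host a1's tree.
SAMPLE_EVENTS: List[Event] = [
    _mk("a1", "100", "1",   "services.exe",   r"C:\Windows\System32\services.exe"),
    _mk("a1", "101", "100", "svchost.exe",    r"svchost.exe -k netsvcs -p -s Schedule"),
    _mk("a1", "102", "101", "taskeng.exe",    r"taskeng.exe {00000000-0000-0000-0000-000000000000} S-1-5-18:NT AUTHORITY\System:Service:"),
    _mk("a1", "103", "102", "powershell.exe", r"powershell.exe -nop -w hidden -c Get-Date"),
    _mk("a2", "102", "7",   "notepad.exe",    r"notepad.exe C:\Users\bob\notes.txt"),
]


def index_by_pid(events: List[Event]) -> Dict[Key, Event]:
    """Map (aid, TargetProcessId_decimal) -> the process's own event."""
    return {(ev["aid"], ev["TargetProcessId_decimal"]): ev for ev in events}


def parent_of(ev: Event, idx: Dict[Key, Event]) -> Optional[Event]:
    """Resolve ParentProcessId_decimal to the parent's event on the same aid.
    Returns None when the parent's event is absent (e.g. the parent started
    before the sensor was installed or the event is outside the search window)."""
    return idx.get((ev["aid"], ev["ParentProcessId_decimal"]))


def ancestry(ev: Event, idx: Dict[Key, Event], max_depth: int = 64) -> List[str]:
    """Walk parent links from ev up to the root; FileNames listed child-first.
    The seen-set and depth cap guard against malformed data that loops."""
    chain: List[str] = []
    seen: set = set()
    cur: Optional[Event] = ev
    while cur is not None and len(chain) < max_depth:
        key = (cur["aid"], cur["TargetProcessId_decimal"])
        if key in seen:
            break
        seen.add(key)
        chain.append(cur["FileName"])
        cur = parent_of(cur, idx)
    return chain


def children_of(ev: Event, events: List[Event]) -> List[str]:
    """Processes on the same aid whose ParentProcessId_decimal equals ev's
    TargetProcessId_decimal, i.e. what the process spawned."""
    return [e["FileName"] for e in events
            if e["aid"] == ev["aid"]
            and e["ParentProcessId_decimal"] == ev["TargetProcessId_decimal"]]


def find(events: List[Event], aid: str, filename: str) -> Optional[Event]:
    """First event on aid whose FileName matches (case-insensitive)."""
    for e in events:
        if e["aid"] == aid and e["FileName"].lower() == filename.lower():
            return e
    return None


if __name__ == "__main__":
    idx = index_by_pid(SAMPLE_EVENTS)
    ps = find(SAMPLE_EVENTS, "a1", "powershell.exe")
    print(" <- ".join(ancestry(ps, idx)))          # powershell.exe <- taskeng.exe <- svchost.exe <- services.exe
    te = find(SAMPLE_EVENTS, "a1", "taskeng.exe")
    print("taskeng.exe spawned:", children_of(te, SAMPLE_EVENTS))
```

In a real investigation the same walk is what a Process Timeline or a parent/child pivot performs for you; doing it by hand over exported events is useful when you want to see a chain such as services.exe to svchost.exe (Schedule service) to taskeng.exe, which points at a scheduled task rather than an interactive user as the origin.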
What types of events are returned by a Process Timeline?
A. Only detection events
B. All cloudable events
C. Only process events
D. Only network events
Answer: B
Explanation: A Process Timeline returns every cloudable event the sensor recorded for the selected process, keyed on its TargetProcessId_decimal: the process execution itself together with the file, registry, network, DNS, module-load and detection events attributed to it. Limiting the view to process events (option C) would hide exactly the activity an analyst pivots to the timeline to see.
What is the difference between a Host Search and a Host Timeline?
A. Results from a Host Search return information in an organized view by type, while a Host Timeline returns a view of all events recorded by the sensor
B. A Host Timeline only includes process execution events and...
You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?
A. User logons after the detection
B. Executions of schtasks.exe after the detection
C. Scheduled tasks registered prior to the detection
D. Pivot to a Hash search for taskeng.exe
Answer: C...
The function of Machine Learning Exclusions is to ___________.
A. stop all detections for a specific pattern ID
B. stop all sensor data collection for the matching path(s)
C. stop all Machine Learning Preventions, but a detection will still be generated and files will still be uploaded to the CrowdStrike Cloud
D...
From the Detections page, how can you view 'in-progress' detections assigned to Falcon Analyst Alex?
A. Filter on 'Analyst: Alex'
B. Alex does not have the correct role permissions as a Falcon Analyst to be assigned detections
C. Filter on 'Hostname: Alex' and 'Status: In-Progress'
D. Filter on 'Status: In-Progress' and...
Which of the following is returned from the IP Search tool?
A. IP Summary information from Falcon events containing the given IP
B. Threat Graph Data for the given IP from Falcon sensors
C. Unmanaged host data from system ARP tables for the given IP
D. IP Detection Summary information...
Where can you find hosts that are in Reduced Functionality Mode?
A. Event Search
B. Executive Summary dashboard
C. Host Search
D. Installation Tokens
Answer: C
Explanation: According to the CrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, Reduced Functionality Mode (RFM) is a state where a...
What happens when a hash is allowlisted?
A. Execution is prevented, but detection alerts are suppressed
B. Execution is allowed on all hosts, including all other Falcon customers
C. The hash is submitted for approval to be allowed to execute once confirmed by Falcon specialists
D. Execution is allowed on...
Which is TRUE regarding a file released from quarantine?
A. No executions are allowed for 14 days after release
B. It is allowed to execute on all hosts
C. It is deleted
D. It will not generate future machine learning detections on the associated host
Answer: D
Explanation: Releasing a...