Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?
Which of the following tactic and technique combinations is sourced from MITRE ATT&CK information?A . Falcon Intel via Intelligence Indicator - DomainB . Machine Learning via Cloud-Based MLC . Malware via PUPD . Credential Access via OS Credential DumpingView AnswerAnswer: D Explanation: According to the [MITRE ATT&CK website], MITRE ATT&CK...
Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?
After pivoting to an event search from a detection, you locate the ProcessRollup2 event. Which two field values are you required to obtain to perform a Process Timeline search so you can determine what the process was doing?A . SHA256 and TargetProcessld_decimalB . SHA256 and ParentProcessld_decimalC . aid and ParentProcessld_decimalD...
Which of the following is an example of a MITRE ATT&CK tactic?
Which of the following is an example of a MITRE ATT&CK tactic?A . Eternal BlueB . Defense EvasionC . EmotetD . PhishingView AnswerAnswer: B Explanation: According to the [MITRE ATT&CK website], MITRE ATT&CK is a knowledge base of adversary behaviors and techniques based on real-world observations. The knowledge base is...
A list of managed and unmanaged neighbors for an endpoint can be found:
A list of managed and unmanaged neighbors for an endpoint can be found:A . by using Hosts page in the Investigate toolB . by reviewing "Groups" in Host Management under the Hosts pageC . under "Audit" by running Sensor Visibility Exclusions AuditD . only by searching event data using Event...
What happens when you create a Sensor Visibility Exclusion for a trusted file path?
What happens when you create a Sensor Visibility Exclusion for a trusted file path?A . It excludes host information from Detections and Incidents generated within that file path locationB . It prevents file uploads to the CrowdStrike cloud from that file pathC . It excludes sensor monitoring and event collection...
Why might this be helpful?
The Process Activity View provides a rows-and-columns style view of the events generated in a detection. Why might this be helpful?A . The Process Activity View creates a consolidated view of all detection events for that process that can be exported for further analysisB . The Process Activity View will...
What do IOA exclusions help you achieve?
What do IOA exclusions help you achieve?A . Reduce false positives based on Next-Gen Antivirus settings in the Prevention PolicyB . Reduce false positives of behavioral detections from IOA based detections onlyC . Reduce false positives of behavioral detections from IOA based detections based on a file hashD . Reduce...
Which option indicates a hash is allowlisted?
Which option indicates a hash is allowlisted?A . No ActionB . AllowC . IgnoreD . Always BlockView AnswerAnswer: B Explanation: According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the allowlist feature allows you to exclude files or directories from being scanned or blocked by CrowdStrike’s machine...
Which of the following is NOT an option for any Event Action?
After running an Event Search, you can select many Event Actions depending on your results. Which of the following is NOT an option for any Event Action?A . Draw Process ExplorerB . Show a +/- 10-minute window of eventsC . Show a Process Timeline for the responsible processD . Show...
What action is used when you want to save a prevention hash for later use?
What action is used when you want to save a prevention hash for later use?A . Always BlockB . Never BlockC . Always AllowD . No ActionView AnswerAnswer: A Explanation: According to the CrowdStrike Falcon® Data Replicator (FDR) Add-on for Splunk Guide, the Always Block action allows you to block...