Free CrowdStrike CCFR-201b Exam Questions

Become CrowdStrike Certified with updated CCFR-201b exam questions and correct answers

Page: 1 / 12

Total 60 Questions | Updated On: May 10, 2026

Add To Cart

Question 1

You notice that taskeng.exe is one of the processes involved in a detection. What activity should you investigate next?

A : User logons after the detection

B : Executions of schtasks.exe after the detection

C : Scheduled tasks registered prior to the detection

D : Pivot to a Hash search for taskeng.exe

Answer: C

Question 2

Where can you find hosts that are in Reduced Functionality Mode?

A : Event Search

B : Executive Summary dashboard

C : Host Search

D : Installation Tokens

Answer: C

Question 3

What action is used when you want to save a prevention hash for later use?

A : Always Block

B : Never Block

C : Always Allow

D : No Action

Answer: A

Question 4

The Falcon platform will show a maximum of how many detections per day for a single Agent Identifier (AID)?

A : 500

B : 750

C : 1000

D : 1200

Answer: C

Question 5

What happens when you open the full detection details?

A : The process explorer opens and the detection is removed from the console

B : The process explorer opens and you’re able to view the processes and process relationships

C : The process explorer opens and the detection copies to the clipboard

D : The process explorer opens and the Event Search query is run for the detection

Answer: B

Page: 1 / 12

Total 60 Questions | Updated On: May 10, 2026

Add To Cart