
CrowdStrike CCFR-201b Exam Syllabus

Start Free CCFR-201b Exam Practice After Reviewing the Topics

Before starting your CCFR-201b exam preparation, review the complete CrowdStrike Certified Falcon Responder exam syllabus and go carefully through the exam objectives listed below. Once you understand the exam structure and objectives, practice with our free CCFR-201b questions. We also provide a premium CCFR-201b practice test, fully updated to the latest exam objectives, to help you accurately assess your preparedness for the actual exam.

CrowdStrike CCFR-201b Exam Objectives

Sections and Objectives
ATT&CK Frameworks
  • 1.1 Understand what information the MITRE ATT&CK framework provides
  • 1.2 Apply MITRE ATT&CK tactics and techniques within Falcon to provide context to a detection
Detection Analysis
  • 2.1 Recommend courses of action based on the analysis of information provided with Falcon
  • 2.2 Interpret information displayed in the Endpoint security > Activity dashboard
  • 2.3 Interpret information displayed in Endpoint security > Endpoint detections
  • 2.4 Determine appropriate response to an activity based on detection source
  • 2.5 Understand use cases for built-in OSINT tools
  • 2.6 Explain what contextual event data is available in detection (IP/DNS/Disk/etc.)
  • 2.7 Triage a detection using filtering, grouping and sort-by
  • 2.8 Evaluate the impact of internal and external prevalence
  • 2.9 Evaluate an activity and determine a response based on information displayed in the Full Detection view
  • 2.10 Interpret the data provided in the View As Process Tree, View As Process Table and View As Process Activity
  • 2.11 Identify managed/unmanaged Neighbors for an endpoint during a Host Search
  • 2.12 Understand an IOC and the different types of actions available via Falcon
  • 2.13 Distinguish the use cases for the various Hash Management Actions (Block, Block and Hide Detection, Detect Only, Allow, No action)
  • 2.14 Understand the effects of allowlisting and blocklisting
  • 2.15 Explain the effects of machine learning exclusion rules, sensor visibility exclusions, and IOA exclusions
  • 2.16 Apply best practices to quarantined files
Event Search
  • 3.1 Perform an Event Advanced Search from a detection and refine a search using event actions
  • 3.2 Determine when and why to use specific event actions
  • 3.3 Distinguish between commonly used event types
Event Investigation
  • 4.1 Explain what information a Process Timeline will provide
  • 4.2 Explain what information a Hosts Timeline will provide
  • 4.3 Understand when to pivot to a Process Timeline or Process Explorer from an Event Search
  • 4.4 Analyze process relationships (parent/child/sibling) using the information contained in the Full Detection Details
Search Tools
  • 5.1 Analyze the information provided in a User Search
  • 5.2 Analyze the information provided in an IP Search
  • 5.3 Analyze the information provided in a Hash Search
  • 5.4 Analyze the information provided in Host Search results
  • 5.5 Analyze the information provided in a Bulk Domain Search
Real Time Response (RTR)
  • 6.1 Explain the technical capabilities of Falcon Real Time Response
  • 6.2 Identify administrative requirements for Real Time Response settings
  • 6.3 Determine when and how to connect to a host
  • 6.4 Investigate a threat within Falcon and use RTR commands to remediate it
  • 6.5 Utilize custom scripts in RTR to remediate a threat
  • 6.6 Set up a Workflow with RTR custom scripts
  • 6.7 Review audit logs to audit RTR activity
Official Information: https://assets.crowdstrike.com/is/content/crowdstrikeinc/CCFR_CertificationGuidepdf