Examice

Exam CCFR-201 All QuestionsBrowse all questions from this exam

Question 46

When analyzing an executable with a global prevalence of common; but you do not know what the executable is, what is the best course of action?

Do nothing, as this file is common and well known

From detection, click the VT Hash button to pivot to VirusTotal to investigate further

From detection, use API manager to create a custom blocklist

From detection, submit to FalconX for deep dive analysis

Correct Answer: B

When you encounter an executable file with a global prevalence marked as 'common' but its specific functionality is unknown, the best course of action is to investigate further using VirusTotal (VT). Clicking the VT Hash button will allow you to pivot to VirusTotal, where you can access detailed information about the hash, including its reputation and any associated threat intelligence. This enables you to make a more informed decision about the nature and potential risk of the executable.

Discussion

alanalanalanOption: B

Answer is B, check with the VT.

silva222222Option: B

The best course of action when analyzing an executable with a global prevalence of "common" but unknown functionality is: B. From detection, click the VT Hash button to pivot to VirusTotal to investigate further

kangaruOption: B

You don't know what the hash corresponds to, then look in VT. It provides you all details of the hash together with it's reputation.

sbag0024Option: B

Going with B on this one. It is an option when looking at Full detection details.

sbag0024Option: B

Going with B on this one. It is an option when looking at Full detection details.

Aicha78Option: B

B is correct

wildbandanaOption: C

100% sure