CrowdStrike Certified Falcon Responder (CCFR) — Question 33
When analyzing an executable with a global prevalence of "common", but you do not know what the executable is, what is the best course of action?
Answer options
- A. Do nothing, as this file is common and well known
- B. From detection, click the VT Hash button to pivot to VirusTotal to investigate further
- C. From detection, use API manager to create a custom blocklist
- D. From detection, submit to FalconX for deep dive analysis
Correct answer: B
Explanation
The correct answer is B because using the VT Hash button allows you to leverage VirusTotal's extensive database for additional insights on the executable. Option A is incorrect as taking no action could leave potential threats unexamined. Option C is not ideal since creating a blocklist might prematurely blacklist an unknown file without proper analysis. Option D, while thorough, may not be necessary for a file that is already common and could be quickly assessed using VirusTotal.