CrowdStrike Certified Falcon Responder (CCFR) — Question 38

Which statement is TRUE regarding the "Bulk Domains" search?

Answer options

• A. It will show a list of computers and process that performed a lookup of any of the domains in your search
• B. The "Bulk Domains" search will allow you to blocklist your queried domains
• C. The "Bulk Domains" search will show IP address and port information for any associated connections
• D. You should only pivot to the "Bulk Domains" search tool after completing an investigation

Correct answer: A

Explanation

Option A is correct as it accurately describes that the 'Bulk Domains' search reveals which computers and processes have conducted lookups for the specified domains. The other options are incorrect because B suggests the ability to blocklist domains, which is not a function of this search; C inaccurately states that it provides IP and port information, which it does not; and D implies a necessary sequence that is not mandated for using the tool.