Create Next App

crowdstrike CCFH_202

Custom view settings

Exam contains 88 questions

Page 11 of 15

Question 61 🔥

When looking at a process tree, what do the nodes represent?

Which database solution meets these requirements?

A. The nodes only indicate severity

Highly voted

B. The nodes represent process execution

Highly voted

C. The nodes represent tactic and techniques used only

Highly voted

D. The nodes do not give any information necessary for analysis but depict a picture for clarity

Highly voted

Discussion of the question

Question 62 🔥

Suspicious RDP connections have been observed on a host within your environment. How do you utilize Event Search to show all connections on this specific host?

Which database solution meets these requirements?

A. event_simpleName=UserIdentity LogonType_decimal=10 | table timestamp ComputerName UserName UserPrincipal LogonServer

Highly voted

B. Table timestamp ComputerName UserName UserPrincipal LogonServer

Highly voted

C. UserIdentity=LogonType_decimal=10 | table timestamp UserPrincipal LogonServer

Highly voted

D. aid=[my-aid] event_simpleName=UserIdentity LogonType_decimal=10 | table timestampComputerName UserName UserPrincipal LogonServer

Highly voted

Discussion of the question

Question 63 🔥

To best determine the root cause of an enterprise wide infection you would:

Which database solution meets these requirements?

A. Examine a list of processes by hash to determine the latest execution time and last infected machine.

Highly voted

B. Perform frequency analysis to identify outlier processes that should not be running in your environment.

Highly voted

C. Examine a list of process executions with a specific hash to determine the earliest execution time.

Highly voted

D. Examine a list of outbound network connections on non-standard ports to identify suspicious processes.

Highly voted

Discussion of the question

Question 64 🔥

Which of the following process trees should raise the most suspicion that adversary activity may be present on a web server?

Which database solution meets these requirements?

A. SMSS.EXE >> WINLOGON.EXE >> USERINIT.EXE >> EXPLORER.EXE >> WORD.EXE

Highly voted

B. WINLOGON.EXE >> USERINIT.EXE >> EXPLORER.EXE >> OUTLOOK.EXE >> CHROME.EXE

Highly voted

C. WININIT.EXE >> SERVICES >> SVCHOST.EXE >> TASKENG.EXE >> POWERSHELL.EXE

Highly voted

D. WININIT.EXE >> SERVICES >> SVCHOST.EXE >> W3WP.EXE >> CMEXE

Highly voted

Discussion of the question

Question 65 🔥

When searching for all events related to a specific process which field(s) should be selected in a query from the Event Actions drop down menu?

Which database solution meets these requirements?

A. ContextProcessId_decimal

Highly voted

B. timestamp

Highly voted

C. Both TargetProcessId_decimal and ContextProcessId_decimal

Highly voted

D. TargetProcessId_decimal

Highly voted

Discussion of the question

Question 66 🔥

Your environment has several PowerShell scripts running that are Base64 encoded. Which of the following areas of Falcon will show you the decoded PowerShell commands?

Which database solution meets these requirements?

A. PowerShell Encoded Commands report

Highly voted

B. PowerShell Hunt report

Highly voted

C. Event Search for event_simpleName=processrollup2 FileName=powershell.exe

Highly voted

D. Command Line view of a Detection

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

crowdstrike CCFH_202

Exam contains 88 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us