Create Next App

crowdstrike CCFH_202

Exam contains 88 questions

Page 3 of 15

Question 13 🔥

How do you rename fields while using transforming commands such as table, chart, and stats?

Which database solution meets these requirements?

A. By renaming the fields with the “rename” command after the transforming command. e.g. “stats count by ComputerName | rename count AS total_count”

Highly voted

B. You cannot rename fields as it would affect sub-queries and statistical analysis

Highly voted

C. By using the “renamed” keyword after the field name. e.g. “stats count renamed totalcount by ComputerName”

Highly voted

D. By specifying the desired name after the field name. e.g. “stats count totalcount by ComputerName”

Highly voted

Discussion of the question

Question 14 🔥

SPL (Splunk) eval statements can be used to convert Unix times (Epoch) into UTC readable time. Which eval function is correct?

Which database solution meets these requirements?

A. now

Highly voted

B. typeof

Highly voted

C. strftime

Highly voted

D. relative_time

Highly voted

Discussion of the question

Question 15 🔥

Which of the following queries will return the parent processes responsible for launching badprogram.exe?

Which database solution meets these requirements?

A. [search (ParentProcess) where name=badprogram.exe ] | table ParentProcessName _time

Highly voted

B. event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename ParentProcessId_decimal AS TargetProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time

Highly voted

C. [search (ProcessList) where Name=badprogram.exe ] | search ParentProcessName | table ParentProcessName _time

Highly voted

D. event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename TargetProcessId_decimal AS ParentProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time

Highly voted

Discussion of the question

Question 16 🔥

You want to produce a list of all event occurrences along with selected fields such as the full path, time, username etc. Which command would be the appropriate choice?

Which database solution meets these requirements?

A. fields

Highly voted

B. distinctcount

Highly voted

C. table

Highly voted

D. values

Highly voted

Discussion of the question

Question 17 🔥

When exporting the results of the following event search, what data is saved in the exported file (assuming Verbose Mode)? event_simpleName=*Written | stats count by ComputerName

Which database solution meets these requirements?

A. The text of the query

Highly voted

B. The results of the Statistics tab

Highly voted

C. No data. Results can only be exported when the “table” command is used

Highly voted

D. All events in the Events tab

Highly voted

Discussion of the question

Question 18 🔥

Which of the following is a suspicious process behavior?

Which database solution meets these requirements?

A. PowerShell running an execution policy of RemoteSigned

Highly voted

B. An Internet browser (eg., Internet Explorer) performing multiple DNS requests

Highly voted

C. PowerShell launching a PowerShell script

Highly voted

D. Non-network processes (e.g., notepad.exe) making an outbound network connection

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

crowdstrike CCFH_202

Exam contains 88 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us