Create Next App

crowdstrike CCFH_202

Exam contains 88 questions

Page 6 of 15

Question 31 🔥

In the MITRE ATT&CK Framework (version 11 - the newest version released in April 2022), which of the following pair of tactics is not in the Enterprise: Windows matrix?

Which database solution meets these requirements?

A. Persistence and Execution

Highly voted

B. Impact and Collection

Highly voted

C. Privilege Escalation and Initial Access

Highly voted

D. Reconnaissance and Resource Development

Highly voted

Discussion of the question

Question 32 🔥

In which of the following stages of the Cyber Kill Chain does the actor not interact with the victim endpoint(s)?

Which database solution meets these requirements?

A. Exploitation

Highly voted

B. Weaponization

Highly voted

C. Command & control

Highly voted

D. Installation

Highly voted

Discussion of the question

Question 33 🔥

What information is provided from the MITRE ATT&CK framework in a detection's Execution Details?

Which database solution meets these requirements?

A. Grouping Tag

Highly voted

B. Command Line

Highly voted

C. Technique ID

Highly voted

D. Triggering Indicator

Highly voted

Discussion of the question

Question 34 🔥

You need details about key data fields and sensor events which you may expect to find from Hosts running the Falcon sensor. Which documentation should you access?

Which database solution meets these requirements?

A. Events Data Dictionary

Highly voted

B. Streaming API Event Dictionary

Highly voted

C. Hunting and Investigation

Highly voted

D. Event stream APIs

Highly voted

Discussion of the question

Question 35 🔥

The Events Data Dictionary found in the Falcon documentation is useful for writing hunting queries because:

Which database solution meets these requirements?

A. It provides pre-defined queries you can customize to meet your specific threat hunting needs

Highly voted

B. It provides a list of all the detect names and descriptions found in the Falcon Cloud

Highly voted

C. It provides a reference of information about the events found in the Investigate > Event Search page of the Falcon Console

Highly voted

D. It provides a list of compatible splunk commands used to query event data

Highly voted

Discussion of the question

Question 36 🔥

Which of the following is a suspicious process behavior?

Which database solution meets these requirements?

A. PowerShell running an execution policy of RemoteSigned

Highly voted

B. An Internet browser (eg., Internet Explorer) performing multiple DNS requests

Highly voted

C. PowerShell launching a PowerShell script

Highly voted

D. Non-network processes (e.g., notepad.exe) making an outbound network connection

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

crowdstrike CCFH_202

Exam contains 88 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us