Create Next App

crowdstrike CCFH_202

Custom view settings

Exam contains 88 questions

Page 7 of 15

Question 37 🔥

What topics are presented in the Hunting and Investigation Guide?

Which database solution meets these requirements?

A. Detailed tutorial on writing advanced queries such as sub-searches and joins

Highly voted

B. Detailed summary of event names, descriptions, and some key data fields for hunting and investigation

Highly voted

C. Sample hunting queries, select walkthroughs and best practices for hunting with Falcon

Highly voted

D. Recommended platform configurations and prevention settings to ensure detections are generated for hunting leads

Highly voted

Discussion of the question

Question 38 🔥

Which of the following does the Hunting and Investigation Guide contain?

Which database solution meets these requirements?

A. A list of all event types and their syntax

Highly voted

B. A list of all event types specifically used for hunting and their syntax

Highly voted

C. Example Event Search queries useful for threat hunting

Highly voted

D. Example Event Search queries useful for Falcon platform configuration

Highly voted

Discussion of the question

Question 39 🔥

Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?

Which database solution meets these requirements?

A. Real Time Response and Network Containment

Highly voted

B. Hunting and Investigation

Highly voted

C. Events Data Dictionary

Highly voted

D. Incident and Detection Monitoring

Highly voted

Discussion of the question

Question 40 🔥

What is the main purpose of the Mac Sensor report?

Which database solution meets these requirements?

A. To identify endpoints that are in Reduced Functionality Mode

Highly voted

B. To provide a summary view of selected activities on Mac hosts

Highly voted

C. To provide vulnerability assessment for Mac Operating Systems

Highly voted

D. To provide a dashboard for Mac related detections

Highly voted

Discussion of the question

Question 41 🔥

Where would an analyst find information about shells spawned by root, Kernel Module loads, and wget/curl usage?

Which database solution meets these requirements?

A. Sensor Health report

Highly voted

B. Linux Sensor report

Highly voted

C. Sensor Policy Daily report

Highly voted

D. Mac Sensor report

Highly voted

Discussion of the question

Question 42 🔥

Which of the following is a suspicious process behavior?

Which database solution meets these requirements?

A. PowerShell running an execution policy of RemoteSigned

Highly voted

B. An Internet browser (eg., Internet Explorer) performing multiple DNS requests

Highly voted

C. PowerShell launching a PowerShell script

Highly voted

D. Non-network processes (e.g., notepad.exe) making an outbound network connection

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

crowdstrike CCFH_202

Exam contains 88 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us