Create Next App

crowdstrike CCFH_202

Custom view settings

Exam contains 88 questions

Page 8 of 15

Question 43 🔥

Which of the following best describes the purpose of the Mac Sensor report?

Which database solution meets these requirements?

A. The Mac Sensor report displays a listing of all Mac hosts without a Falcon sensor installed

Highly voted

B. The Mac Sensor report provides a detection focused view of known malicious activities occurring on Mac hosts, including machine-learning and indicator-based detections

Highly voted

C. The Mac Sensor report displays a listing of all Mac hosts with a Falcon sensor installed

Highly voted

D. The Mac Sensor report provides a comprehensive view of activities occurring on Mac hosts, including items of interest that may be hunting or investigation leads

Highly voted

Discussion of the question

Question 44 🔥

In the Powershell Hunt report, what does the “score” signify?

Which database solution meets these requirements?

A. Number of hosts that ran the PowerShell script

Highly voted

B. How recently the PowerShell script executed

Highly voted

C. Maliciousness score determined by NGAV

Highly voted

D. A cumulative score of the various potential command line switches

Highly voted

Discussion of the question

Question 45 🔥

In the Powershell Hunt report, what does the filtering condition of CommandLine!="*badstring*" do?

Which database solution meets these requirements?

A. Prevents command lines containing “badstring” from being displayed

Highly voted

B. Displays only the command lines containing “badstring”

Highly voted

C. Highlights “badstring” in all command lines in the output

Highly voted

D. Highlights only the command lines containing “badstring”

Highly voted

Discussion of the question

Question 46 🔥

What Investigate tool would you use to allow an analyst to view all events for a specific host?

Which database solution meets these requirements?

A. Bulk Timeline

Highly voted

B. Host Search

Highly voted

C. Host Timeline

Highly voted

D. Process Timeline

Highly voted

Discussion of the question

Question 47 🔥

What do you click to jump to a Process Timeline from many pages in Falcon, such as a Hash Search?

Which database solution meets these requirements?

B. Process ID or Parent Process ID

Highly voted

C. CID

Highly voted

D. Process Timeline Link

Highly voted

A. PID

Highly voted

Discussion of the question

Question 48 🔥

What elements are required to properly execute a Process Timeline?

Which database solution meets these requirements?

A. Agent ID (AID) and Target Process ID

Highly voted

B. Agent ID (AID) only

Highly voted

C. Hostname and Local Process ID

Highly voted

D. Target Process ID only

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

crowdstrike CCFH_202

Exam contains 88 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us