
CrowdStrike Certified Falcon Hunter Question and Answers

CrowdStrike Certified Falcon Hunter

Last Update Apr 28, 2024
Total Questions : 60

We are offering free CCFH-202 CrowdStrike exam questions. All you have to do is sign up, enter your details, and prepare with the free CCFH-202 questions before moving on to the complete pool of CrowdStrike Certified Falcon Hunter test questions.

Question 1

An analyst has sorted all recent detections in the Falcon platform to identify the oldest, in an effort to determine the possible first victim host. What is this type of analysis called?

Options:

A. Visualization of hosts

B. Statistical analysis

C. Temporal analysis

D. Machine learning
Question 2

Falcon detected the above file attempting to execute. At initial glance, what indicators can we use to provide an initial analysis of the file?

Options:

A. VirusTotal, Hybrid Analysis, and Google pivot indicator lights enabled

B. File name, path, and local and global prevalence within the environment

C. File path, hard disk volume number, and IOC Management action

D. Local prevalence, IOC Management action, and Event Search
Question 3

Which of the following is an example of actor actions during the RECONNAISSANCE phase of the Cyber Kill Chain?

Options:

A. Installing a backdoor on the victim endpoint

B. Discovering internet-facing servers

C. Emailing the intended victim with a malware attachment

D. Loading a malicious payload into a common DLL
Question 4

Which structured analytic technique contrasts different hypotheses to determine which is the best leading (prioritized) hypothesis?

Options:

A. Model hunting framework

B. Competitive analysis

C. Analysis of competing hypotheses

D. Key assumptions check
Question 5

When performing a raw event search via the Events search page, what are Event Actions?

Options:

A. Event Actions contains an audit information log of the actions an analyst took in regard to a specific detection

B. Event Actions contains the summary of actions taken by the Falcon sensor, such as quarantining a file, preventing a process from executing, or taking no action and creating a detection only

C. Event Actions are pivotable workflows, including connecting to a host, pre-made event searches, and pivots to other investigatory pages such as Host Search

D. Event Actions is the field name that contains the event name defined in the Events Data Dictionary, such as ProcessRollup, SyntheticProcessRollup, DNS request, etc.
Question 6

Which of the following is a way to create event searches that run automatically and recur on a schedule that you set?

Options:

A. Workflows

B. Event Search

C. Scheduled Searches

D. Scheduled Reports
Question 7

Adversaries commonly execute discovery commands such as net.exe, ipconfig.exe, and whoami.exe. Rather than query for each of these commands individually, you would like to use a single query with all of them. What Splunk operator is needed to complete the following query?

Options:

A. OR

B. IN

C. NOT

D. AND
Question 8

What is the difference between a Host Search and a Host Timeline?

Options:

A. Host Search is used for detection investigation and Host Timeline is used for proactive hunting

B. A Host Search organizes the data into useful event categories like process executions and network connections; a Host Timeline provides an uncategorized view of recorded events in chronological order

C. You access a Host Search from a detection to show you every recorded process event related to the detection, and you can only populate the Host Timeline fields manually

D. There is no difference; you just get to them in different ways
Question 9

A benefit of using a threat hunting framework is that it:

Options:

A. Automatically generates incident reports

B. Eliminates false positives

C. Provides high-fidelity threat actor attribution

D. Provides actionable, repeatable steps to conduct threat hunting