CrowdStrike CCFH-202 CrowdStrike Certified Falcon Hunter Exam Practice Test

Page: 1 / 6
Total 60 questions

CrowdStrike Certified Falcon Hunter Questions and Answers

Question 1

Which structured analytic technique contrasts different hypotheses to determine which is the best leading (prioritized) hypothesis?

Options:

A. Model hunting framework
B. Competitive analysis
C. Analysis of competing hypotheses
D. Key assumptions check

Question 2

Which of the following would be the correct field name to find the name of an event?

Options:

A. Event_SimpleName
B. Event_Simple_Name
C. EVENT_SIMPLE_NAME
D. event_simpleName

Question 3

In the MITRE ATT&CK Framework (version 11, the newest version, released in April 2022), which of the following pairs of tactics is not in the Enterprise: Windows matrix?

Options:

A. Persistence and Execution
B. Impact and Collection
C. Privilege Escalation and Initial Access
D. Reconnaissance and Resource Development

Question 4

Which SPL (Splunk) field name can be used to automatically convert Unix times (Epoch) to UTC readable time within the Falcon Event Search?

Options:

A. utc_time
B. conv_time
C. _time
D. time

Question 5

Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?

Options:

A. Real Time Response and Network Containment
B. Hunting and Investigation
C. Events Data Dictionary
D. Incident and Detection Monitoring

Question 6

You would like to search for ANY process execution that used a file stored in the Recycle Bin on a Windows host. Select the option to complete the following EAM query.

Options:

A. *$Recycle Bin^
B. *$Recycle Bin*
C. ^$Recycle Bin*
D. ^$Recycle.Bin%^

Question 7

While you're reviewing Unresolved Detections in the Host Search page, you notice the User Name column contains "hostname$". What does this User Name indicate?

Options:

A. The User Name is a System User
B. The User Name is not relevant for the dashboard
C. There is no User Name associated with the event
D. The Falcon sensor could not determine the User Name

Question 8

Which of the following is a way to create event searches that run automatically and recur on a schedule that you set?

Options:

A. Workflows
B. Event Search
C. Scheduled Searches
D. Scheduled Reports

Question 9

Lateral movement through a victim environment is an example of which stage of the Cyber Kill Chain?

Options:

A. Command & Control
B. Actions on Objectives
C. Exploitation
D. Delivery