New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CrowdStrike > CrowdStrike Falcon Certification Program > CCFH-202

CCFH-202 CrowdStrike Certified Falcon Hunter Question and Answers

Question # 4

Which of the following Event Search queries would only find the DNS lookups to the domain: www randomdomain com?

A.

event_simpleName=DnsRequest DomainName=www randomdomain com

B.

event_simpleName=DnsRequest DomainName=randomdomain com ComputerName=localhost

C.

Dns=randomdomain com

D.

ComputerName=localhost DnsRequest "randomdomain com"

Full Access
Question # 5

An analyst has sorted all recent detections in the Falcon platform to identify the oldest in an effort to determine the possible first victim host What is this type of analysis called?

A.

Visualization of hosts

B.

Statistical analysis

C.

Temporal analysis

D.

Machine Learning

Full Access
Question # 6

Which of the following does the Hunting and Investigation Guide contain?

A.

A list of all event types and their syntax

B.

A list of all event types specifically used for hunting and their syntax

C.

Example Event Search queries useful for threat hunting

D.

Example Event Search queries useful for Falcon platform configuration

Full Access
Question # 7

Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?

A.

Real Time Response and Network Containment

B.

Hunting and Investigation

C.

Events Data Dictionary

D.

Incident and Detection Monitoring

Full Access
Question # 8

The Events Data Dictionary found in the Falcon documentation is useful for writing hunting queries because:

A.

It provides pre-defined queries you can customize to meet your specific threat hunting needs

B.

It provides a list of all the detect names and descriptions found in the Falcon Cloud

C.

It provides a reference of information about the events found in the Investigate > Event Search page of the Falcon Console

D.

It provides a list of compatible splunk commands used to query event data

Full Access
Question # 9

You want to produce a list of all event occurrences along with selected fields such as the full path, time, username etc.Which command would be the appropriate choice?

A.

fields

B.

distinctcount

C.

table

D.

values

Full Access