CCFH-202 by CrowdStrike Actual Free Exam Questions And Answers

Question 1

What information is provided when using IP Search to look up an IP address?

A. Suspicious IP addresses

B. Internal IPs only

C. External IPs only

D. Both internal and external IPs

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

Which pre-defined reports offer information surrounding activities that typically indicate suspicious activity occurring on a system?

A. Timeline reports

B. Hunt reports

C. Scheduled searches

D. Sensor reports

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

Which of the following queries will return the parent processes responsible for launching badprogram exe?

A. event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename TargetProcessld_decimal AS ParentProcessld_decimal | fields aid TargetProcessld_decimal] | stats count by FileName _time

B. event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename ParentProcessld_decimal AS TargetProcessld_decimal | fields aid TargetProcessld_decimal] | stats count by FileName _time

C. [search (ProcessList) where Name=badprogram.exe ] | search ParentProcessName | table ParentProcessName _time

D. [search (ParentProcess) where name=badprogranrexe ] | table ParentProcessName _time

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

While you're reviewing Unresolved Detections in the Host Search page, you notice the User Name column contains "hostnameS " What does this User Name indicate?

A. The User Name is a System User

B. There is no User Name associated with the event

C. The Falcon sensor could not determine the User Name

D. The User Name is not relevant for the dashboard

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

Which of the following is the proper method to quantify search results, enabling a hunter to quickly sort and identify outliers?

A. Exporting Event Search results to a spreadsheet and aggregating the results

B. Using the "|stats count" command at the end of a search string in Event Search

C. Using the "|eval" command at the end of a search string in Event Search

D. Using the "| stats count by" command at the end of a search string in Event Search

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

You need details about key data fields and sensor events which you may expect to find from Hosts running the Falcon sensor. Which documentation should you access?

A. Event stream APIs

B. Events Data Dictionary

C. Hunting and Investigation

D. Streaming API Event Dictionary

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

Which of the following best describes the purpose of the Mac Sensor report?

A. The Mac Sensor report provides a comprehensive view of activities occurring on Mac hosts, including items of interest that may be hunting or investigation leads

B. The Mac Sensor report provides a detection focused view of known malicious activities occurring on Mac hosts, including machine-learning and indicator-based detections

C. The Mac Sensor report displays a listing of all Mac hosts without a Falcon sensor installed

D. The Mac Sensor report displays a listing of all Mac hosts with a Falcon sensor installed

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

CrowdStrike Certified Falcon Hunter - CCFH-202 Exam Practice Test

Contact Us

Useful Links

Latest Updated