CCFH-202b by CrowdStrike Actual Free Exam Questions And Answers

Question 1

Which of the following would be the correct field name to find the name of an event?

A. Event_Simple_Name

B. Event_SimpleName

C. event_simpleName

D. EVENT_SIMPLE_NAME

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

In which of the following stages of the Cyber Kill Chain does the actor not interact with the victim endpoint(s)?

A. Installation

B. Weaponization

C. Exploitation

D. Command & control

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

In the Powershell Hunt report, what does the "score" signify?

A. Maliciousness score determined by NGAV

B. A cumulative score of the various potential command line switches

C. How recently the PowerShell script executed

D. Number of hosts that ran the PowerShell script

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Which of the following is the proper method to quantify search results, enabling a hunter to quickly sort and identify outliers?

A. Exporting Event Search results to a spreadsheet and aggregating the results

B. Using the "|stats count" command at the end of a search string in Event Search

C. Using the "|eval" command at the end of a search string in Event Search

D. Using the "| stats count by" command at the end of a search string in Event Search

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

Which of the following Event Search queries would only find the DNS lookups to the domain: www randomdomain com?

A. ComputerName=localhost DnsRequest "randomdomain com"

B. Dns=randomdomain com

C. event_simpleName=DnsRequest DomainName=randomdomain com ComputerName=localhost

D. event_simpleName=DnsRequest DomainName=www randomdomain com

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

To find events that are outliers inside a network,___________is the best hunting method to use.

A. searching

B. machine learning

C. stacking

D. time-based

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

Which threat framework allows a threat hunter to explore and model specific adversary tactics and techniques, with links to intelligence and case studies?

A. NIST 800-171 Cyber Threat Framework

B. MITRE ATT&CK

C. Director of National Intelligence Cyber Threat Framework

D. Lockheed Martin Cyber Kill Chain

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

CrowdStrike Certified Falcon Hunter - CCFH-202b Exam Practice Test

Contact Us

Useful Links

Latest Updated