Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFH-202 Topic 2 Question 21 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 21
Topic #: 2
[All CCFH-202 Questions]

Adversaries commonly execute discovery commands such as netexe, ipconfig.exe, and whoami exe. Rather than query for each of these commands individually, you would like to use a single query with all of them. What Splunk operator is needed to complete the following query?

Show Suggested Answer Hide Answer
Suggested Answer: B

The Linux Sensor report is where an analyst would find information about shells spawned by root, Kernel Module loads, and wget/curl usage. The Linux Sensor report is a pre-defined report that provides a summary view of selected activities on Linux hosts. It shows information such as process execution events, network connection events, file write events, etc. that occurred on Linux hosts within a specified time range. The Sensor Health report, the Sensor Policy Daily report, and the Mac Sensor report do not provide the same information.


by Felix at Jun 21, 2024, 10:58 PM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Georgene
1 months ago
This question is making me hungry. I could go for a nice juicy IPconfig right about now.
upvoted 0 times
Mickie
2 days ago
C) NOT
upvoted 0 times
...
Jannette
24 days ago
B) IN
upvoted 0 times
...
Brittni
27 days ago
A) OR
upvoted 0 times
...
...
Georgeanna
2 months ago
I think the AND operator is the way to go. After all, we want to find all those commands in the results, right?
upvoted 0 times
Adell
1 months ago
User 2: Yeah, the AND operator will help us narrow down the search to include all the specified commands.
upvoted 0 times
...
Talia
1 months ago
User 1: I agree, using the AND operator makes sense to include all those commands in the results.
upvoted 0 times
...
...
Karan
2 months ago
Haha, good one! Maybe they're trying to trick us with the NOT operator. That would be a real knee-slapper.
upvoted 0 times
...
Kandis
2 months ago
I'm not sure, but I think OR could also work in this scenario to include multiple commands.
upvoted 0 times
...
Kerry
2 months ago
I'm not so sure about that. The IN operator might be a better fit since we're looking for a list of values.
upvoted 0 times
Moira
8 days ago
Hmm, I see your point. Maybe D) AND is the right choice after all
upvoted 0 times
...
Joanna
14 days ago
Actually, I agree with the first response. D) AND makes more sense to combine all those commands
upvoted 0 times
...
Kimbery
19 days ago
No, I believe it's A) OR because we want to include any of those commands in the results
upvoted 0 times
...
Youlanda
1 months ago
I think the correct operator is D) AND
upvoted 0 times
...
...
Anisha
2 months ago
I agree with Xuan, using AND operator makes sense to combine multiple commands in a single query.
upvoted 0 times
...
Hui
2 months ago
The OR operator seems like the obvious choice here. We want to match any of those commands, not all of them.
upvoted 0 times
...
Xuan
2 months ago
I think the answer is D) AND.
upvoted 0 times
...

Save Cancel
a