Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFH-202 Topic 2 Question 21 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 21
Topic #: 2
[All CCFH-202 Questions]

Adversaries commonly execute discovery commands such as netexe, ipconfig.exe, and whoami exe. Rather than query for each of these commands individually, you would like to use a single query with all of them. What Splunk operator is needed to complete the following query?

Show Suggested Answer Hide Answer
Suggested Answer: B

The Linux Sensor report is where an analyst would find information about shells spawned by root, Kernel Module loads, and wget/curl usage. The Linux Sensor report is a pre-defined report that provides a summary view of selected activities on Linux hosts. It shows information such as process execution events, network connection events, file write events, etc. that occurred on Linux hosts within a specified time range. The Sensor Health report, the Sensor Policy Daily report, and the Mac Sensor report do not provide the same information.


by Felix at Jun 21, 2024, 10:58 PM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Georgeanna
5 days ago
I think the AND operator is the way to go. After all, we want to find all those commands in the results, right?
upvoted 0 times
...
Karan
6 days ago
Haha, good one! Maybe they're trying to trick us with the NOT operator. That would be a real knee-slapper.
upvoted 0 times
...
Kandis
6 days ago
I'm not sure, but I think OR could also work in this scenario to include multiple commands.
upvoted 0 times
...
Kerry
8 days ago
I'm not so sure about that. The IN operator might be a better fit since we're looking for a list of values.
upvoted 0 times
...
Anisha
8 days ago
I agree with Xuan, using AND operator makes sense to combine multiple commands in a single query.
upvoted 0 times
...
Hui
9 days ago
The OR operator seems like the obvious choice here. We want to match any of those commands, not all of them.
upvoted 0 times
...
Xuan
16 days ago
I think the answer is D) AND.
upvoted 0 times
...

Save Cancel