
CrowdStrike Exam CCFH-202 Topic 2 Question 9 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 9
Topic #: 2

Which of the following is an example of a Falcon threat hunting lead?

Suggested Answer: A

The Agent ID (AID) and the Target Process ID are the elements that are required to properly execute a Process Timeline. The Agent ID (AID) is a unique identifier for each host that has a Falcon sensor installed. The Target Process ID is the decimal representation of the process identifier for the process that you want to investigate. These two elements are used to query the cloud for the events related to the process on the host. The Agent ID (AID) only, the Hostname and Local Process ID, and the Target Process ID only are not sufficient to execute a Process Timeline.


Contribute your Thoughts:

Wenona
4 days ago
I'm not sure, but I think B) Security appliance logs showing potentially bad traffic to an unknown external IP address could also be a valid option.
upvoted 0 times
...
Deane
5 days ago
A routine threat hunt query? Really? That's like looking for a needle in a haystack. I'll go with C - that user clicking on a sketchy link is a much better lead to investigate.
upvoted 0 times
...
Desirae
5 days ago
I agree with Hildred, that seems like a clear example of a Falcon threat hunting lead.
upvoted 0 times
...
Hildred
12 days ago
I think the answer is A) A routine threat hunt query showing process executions of single letter filename (e.g., a.exe) from temporary directories.
upvoted 0 times
...
