Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFH-202 Topic 2 Question 9 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 9
Topic #: 2
[All CCFH-202 Questions]

Which of the following is an example of a Falcon threat hunting lead?

Show Suggested Answer Hide Answer
Suggested Answer: A

The Agent ID (AID) and the Target Process ID are the elements that are required to properly execute a Process Timeline. The Agent ID (AID) is a unique identifier for each host that has a Falcon sensor installed. The Target Process ID is the decimal representation of the process identifier for the process that you want to investigate. These two elements are used to query the cloud for the events related to the process on the host. The Agent ID (AID) only, the Hostname and Local Process ID, and the Target Process ID only are not sufficient to execute a Process Timeline.


by Lindsey at Aug 08, 2023, 01:23 PM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Annmarie
22 days ago
D, no doubt. Anything with the word 'ransomware' is a surefire winner. Although, I do wonder if the answer is hidden in the file extension, like 'R4ns0mw4r3.exe'.
upvoted 0 times
...
Jean
24 days ago
A single letter filename from a temp directory? That's like trying to find a needle in a haystack made of needles. I'm going with C - that help desk ticket sounds like a real juicy lead.
upvoted 0 times
Kelvin
2 days ago
I agree, that help desk ticket seems like a clear indicator of a potential threat.
upvoted 0 times
...
...
Jules
27 days ago
Hmm, A seems a bit too generic. Maybe the security appliance logs in B could be useful, but I think I'll go with C. Who doesn't love a good 'user clicked on a link' story?
upvoted 0 times
...
Hyman
28 days ago
B sounds promising, but I'm going to go with D. That unique file extension is a dead giveaway for ransomware, and it's an external report, so it's gotta be legit, right?
upvoted 0 times
Yesenia
1 days ago
I agree with you, D seems like the most reliable lead. We should definitely investigate further based on that external report.
upvoted 0 times
...
Lashawna
13 days ago
I see your point, but I still think D is the best option. That unique file extension for ransomware is a clear indicator of a threat.
upvoted 0 times
...
Edison
15 days ago
I think B is a good choice too, but I'm leaning towards A. Process executions of single letter filenames from temporary directories sounds suspicious.
upvoted 0 times
...
...
Wenona
2 months ago
I'm not sure, but I think B) Security appliance logs showing potentially bad traffic to an unknown external IP address could also be a valid option.
upvoted 0 times
...
Deane
2 months ago
A routine threat hunt query? Really? That's like looking for a needle in a haystack. I'll go with C - that user clicking on a sketchy link is a much better lead to investigate.
upvoted 0 times
Elenore
19 days ago
Yeah, it's definitely a more actionable lead compared to a routine threat hunt query.
upvoted 0 times
...
Lauryn
21 days ago
I agree, investigating the user clicking on a sketchy link is a more direct lead.
upvoted 0 times
...
...
Desirae
2 months ago
I agree with Hildred, that seems like a clear example of Falcon threat hunting lead.
upvoted 0 times
...
Hildred
2 months ago
I think the answer is A) A routine threat hunt query showing process executions of single letter filename (e.g., a.exe) from temporary directories.
upvoted 0 times
...

Save Cancel