Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFH-202 Topic 6 Question 17 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 17
Topic #: 6
[All CCFH-202 Questions]

The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:

Show Suggested Answer Hide Answer
Suggested Answer: C

The Hunting and Investigation guide contains example Event Search queries useful for threat hunting. These queries are based on common threat hunting use cases and scenarios, such as finding suspicious processes, network connections, registry activity, etc. The guide also explains how to customize and modify the queries to suit different needs and environments. The guide does not contain a list of all event types and their syntax, as that information is provided in the Events Data Dictionary. The guide also does not contain example Event Search queries useful for Falcon platform configuration, as that is not the focus of the guide.


by Lettie at May 02, 2024, 02:52 PM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Barb
3 months ago
A password guessing attack? Sounds like someone's trying to brute-force their way in. D is the way to go, for sure.
upvoted 0 times
...
Gilbert
3 months ago
Haha, I bet it's the users locking themselves out. Classic IT support scenario right there. But seriously, I'm going with D as well.
upvoted 0 times
Jovita
1 months ago
Let's focus on securing the VPN to prevent any potential attacks.
upvoted 0 times
...
Beckie
2 months ago
We should investigate the remote access mechanisms for any suspicious activity.
upvoted 0 times
...
Karol
2 months ago
I think it's more likely a password guessing attack is happening.
upvoted 0 times
...
Janessa
2 months ago
I agree, users forgetting their passwords is a common issue.
upvoted 0 times
...
...
Leontine
3 months ago
I don't think it's C. Users forgetting their new passwords shouldn't cause a sudden increase in lockouts. D sounds like the best bet to me.
upvoted 0 times
Lourdes
2 months ago
Let's also check for any unusual activity on our VPN logs to confirm if this hypothesis is correct.
upvoted 0 times
...
Slyvia
2 months ago
We should investigate further to see if there are any signs of a password guessing attack on our remote access mechanisms.
upvoted 0 times
...
Derick
2 months ago
I agree, D does seem like a plausible explanation for the increase in account lockouts.
upvoted 0 times
...
...
Emilio
3 months ago
Hmm, I'm not sure. Could it be a zero-day vulnerability in the Exchange server? That seems like a plausible attack vector.
upvoted 0 times
Dorothy
2 months ago
User 3: I think we should investigate both possibilities to be safe.
upvoted 0 times
...
Dean
2 months ago
User 2: Maybe, but it could also be a password guessing attack on the VPN.
upvoted 0 times
...
Salena
2 months ago
User 1: It's possible that a zero-day vulnerability is being exploited on the Exchange server.
upvoted 0 times
...
Huey
2 months ago
User 3: Maybe we should investigate further to confirm if that's the case.
upvoted 0 times
...
Sheridan
3 months ago
User 2: That's a good point. It's definitely a possibility.
upvoted 0 times
...
Cristina
3 months ago
User 1: I think it could be a zero-day vulnerability on the Exchange server.
upvoted 0 times
...
...
Krissy
3 months ago
I think the answer is D. A password guessing attack on remote access mechanisms like VPN is the most likely cause of the account lockouts.
upvoted 0 times
...
Marti
4 months ago
I'm not sure, but B) A publicly available web application being hacked could also be a possibility. We should investigate both scenarios.
upvoted 0 times
...
Elza
4 months ago
I agree with Lakeesha, it makes sense that someone is trying to guess passwords to gain unauthorized access.
upvoted 0 times
...
Lakeesha
4 months ago
I think the best hunting hypothesis is D) A password guessing attack is being executed against remote access mechanisms such as VPN.
upvoted 0 times
...

Save Cancel