Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFH-202 Topic 6 Question 17 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam
Question #: 17
Topic #: 6
[All CCFH-202 Questions]

The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:

Show Suggested Answer Hide Answer
Suggested Answer: C

The Hunting and Investigation guide contains example Event Search queries useful for threat hunting. These queries are based on common threat hunting use cases and scenarios, such as finding suspicious processes, network connections, registry activity, etc. The guide also explains how to customize and modify the queries to suit different needs and environments. The guide does not contain a list of all event types and their syntax, as that information is provided in the Events Data Dictionary. The guide also does not contain example Event Search queries useful for Falcon platform configuration, as that is not the focus of the guide.


by Lettie at May 02, 2024, 02:52 PM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Barb
12 days ago
A password guessing attack? Sounds like someone's trying to brute-force their way in. D is the way to go, for sure.
upvoted 0 times
...
Gilbert
14 days ago
Haha, I bet it's the users locking themselves out. Classic IT support scenario right there. But seriously, I'm going with D as well.
upvoted 0 times
...
Leontine
20 days ago
I don't think it's C. Users forgetting their new passwords shouldn't cause a sudden increase in lockouts. D sounds like the best bet to me.
upvoted 0 times
...
Emilio
1 months ago
Hmm, I'm not sure. Could it be a zero-day vulnerability in the Exchange server? That seems like a plausible attack vector.
upvoted 0 times
Salena
2 days ago
User 1: It's possible that a zero-day vulnerability is being exploited on the Exchange server.
upvoted 0 times
...
Huey
3 days ago
User 3: Maybe we should investigate further to confirm if that's the case.
upvoted 0 times
...
Sheridan
14 days ago
User 2: That's a good point. It's definitely a possibility.
upvoted 0 times
...
Cristina
19 days ago
User 1: I think it could be a zero-day vulnerability on the Exchange server.
upvoted 0 times
...
...
Krissy
1 months ago
I think the answer is D. A password guessing attack on remote access mechanisms like VPN is the most likely cause of the account lockouts.
upvoted 0 times
...
Marti
2 months ago
I'm not sure, but B) A publicly available web application being hacked could also be a possibility. We should investigate both scenarios.
upvoted 0 times
...
Elza
2 months ago
I agree with Lakeesha, it makes sense that someone is trying to guess passwords to gain unauthorized access.
upvoted 0 times
...
Lakeesha
2 months ago
I think the best hunting hypothesis is D) A password guessing attack is being executed against remote access mechanisms such as VPN.
upvoted 0 times
...

Save Cancel