Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike CCFH-202b Exam - Topic 5 Question 3 Discussion

In the Powershell Hunt report, what does the "score" signify?
D) A cumulative score of the various potential command line switches
A) Number of hosts that ran the PowerShell script
B) How recently the PowerShell script executed
C) Maliciousness score determined by NGAV

CrowdStrike CCFH-202b Exam - Topic 5 Question 3 Discussion

Actual exam question for CrowdStrike's CCFH-202b exam
Question #: 3
Topic #: 5
[All CCFH-202b Questions]

In the Powershell Hunt report, what does the "score" signify?

Show Suggested Answer Hide Answer
Suggested Answer: D

In the Powershell Hunt report, the score signifies a cumulative score of the various potential command line switches that were used in the PowerShell script execution. The score is based on a weighted system that assigns different values to different switches based on their potential maliciousness or usefulness for threat hunting. For example, -EncodedCommand has a higher value than -NoProfile. The score does not signify the number of hosts that ran the PowerShell script, how recently the PowerShell script executed, or the maliciousness score determined by NGAV.


by Herman at Jan 29, 2026, 03:03 AM

Limited Time Offer

25%

Off

Get Premium CCFH-202b Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Toshia
29 days ago
I agree with TechGuru, NGAV gives the score!
upvoted 0 times
...
Ria
1 month ago
Wait, is it really just a cumulative score? That seems off.
upvoted 0 times
...
Craig
1 month ago
Definitely A, number of hosts running it.
upvoted 0 times
...
Tien
1 month ago
I thought it was about how recent the script ran.
upvoted 0 times
...
Shaniqua
2 months ago
It's the maliciousness score from NGAV, right?
upvoted 0 times
...
Ryann
2 months ago
The "score" is actually the number of times the PowerShell script made me laugh. Gotta keep it light, you know?
upvoted 0 times
...
Anglea
2 months ago
The "score" must be how recently the PowerShell script executed. Duh, it's the most recent activity that matters.
upvoted 0 times
...
Chantay
2 months ago
Haha, the "score" is obviously the cumulative score of the various potential command line switches. What else could it be?
upvoted 0 times
...
Sheron
2 months ago
I'm pretty sure the "score" is the number of hosts that ran the PowerShell script. That's the only option that makes sense to me.
upvoted 0 times
...
Stephen
3 months ago
The "score" signifies the maliciousness score determined by the NGAV. That's the most logical answer.
upvoted 0 times
...
Elza
3 months ago
I’m leaning towards option A, but I’m not confident. I just remember the score being tied to host activity somehow.
upvoted 0 times
...
Ryan
3 months ago
I feel like we had a practice question about command line switches and their impact on scores. Maybe it’s option D?
upvoted 0 times
...
Valentine
4 months ago
I’m not entirely sure, but I remember something about how often scripts run being important. Could it be option B?
upvoted 0 times
...
Delbert
4 months ago
I think the score might relate to the maliciousness of the script, like option C? That sounds familiar from our NGAV discussions.
upvoted 0 times
...
Olga
4 months ago
I'm a bit confused on this one. I'll need to carefully read through the question and the options to figure out the best approach.
upvoted 0 times
...
Portia
4 months ago
I'm leaning towards option C - the maliciousness score determined by the NGAV. That seems like the most logical interpretation to me.
upvoted 0 times
...
Garry
4 months ago
Okay, let's see. I'm thinking it might be the number of hosts that ran the PowerShell script, but I'm not 100% confident on that.
upvoted 0 times
...
Desiree
4 months ago
The "score" could be related to the maliciousness detected by the NGAV, but I'm not entirely sure. I'll have to review the report details.
upvoted 0 times
...
Hildred
5 months ago
Hmm, this one's a bit tricky. I'll need to think through the different options carefully.
upvoted 0 times
...

Save Cancel