CrowdStrike CCFH-202b Exam - Topic 6 Question 7 Discussion

Actual exam question for CrowdStrike's CCFH-202b exam
Question #: 7
Topic #: 6

Adversaries commonly execute discovery commands such as net.exe, ipconfig.exe, and whoami.exe. Rather than query for each of these commands individually, you would like to use a single query that covers all of them. What Splunk operator is needed to complete the following query?

Suggested Answer: A

The OR operator is needed to complete the query, as it allows searching for events that match any of the specified values. The completed query would look like this:

event_simpleName=ProcessRollup2 FileName=net.exe OR FileName=ipconfig.exe OR FileName=whoami.exe

The OR operator is used to combine multiple search terms or expressions and return events that match at least one of them. The IN, NOT, and AND operators are not suitable for this query, as they have different functions and meanings.
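As an added illustration (not part of the original question or answer), the following Python evaluates the suggested query over a few constructed ProcessRollup2-shaped events. It implements Splunk's precedence rule that OR is evaluated before AND, which is why the single event_simpleName term applies to all three FileName alternatives, and contrasts it with AND, which can never match because one event carries only one FileName. The event records and field names are constructed for the example.

```python
"""Evaluate a simplified Splunk-style search over constructed Falcon events.

Supports field=value terms, explicit AND/OR, implicit AND between adjacent
terms, and Splunk's precedence rule (OR is evaluated before AND).
"""
import re

# Constructed sample events in the shape of Falcon ProcessRollup2 records.
EVENTS = [
    {"event_simpleName": "ProcessRollup2", "FileName": "net.exe", "aid": "host1"},
    {"event_simpleName": "ProcessRollup2", "FileName": "ipconfig.exe", "aid": "host1"},
    {"event_simpleName": "ProcessRollup2", "FileName": "whoami.exe", "aid": "host2"},
    {"event_simpleName": "ProcessRollup2", "FileName": "notepad.exe", "aid": "host2"},
    # Same binary name, different event type: must NOT match the query.
    {"event_simpleName": "DnsRequest", "FileName": "net.exe", "aid": "host3"},
]

# A token is either field=value or an uppercase boolean operator (as in SPL).
TOKEN = re.compile(r"(\w+)=(\S+)|\b(AND|OR)\b")

def parse(query):
    """Return AND-groups; each group is a list of OR-alternatives (field, value)."""
    groups, current, pending_or = [], [], False
    for field, value, op in TOKEN.findall(query):
        if op == "OR":
            pending_or = True          # next term joins the current OR-group
        elif op == "AND":
            continue                   # explicit AND behaves like the implicit one
        else:
            if current and not pending_or:
                groups.append(current) # adjacent terms are implicitly ANDed
                current = []
            current.append((field, value))
            pending_or = False
    if current:
        groups.append(current)
    return groups

def matches(event, groups):
    """True if every AND-group has at least one satisfied alternative."""
    return all(any(str(event.get(f, "")).lower() == v.lower() for f, v in alts)
               for alts in groups)

def search(query, events=EVENTS):
    """Apply the parsed query to the event list and return matching events."""
    groups = parse(query)
    return [e for e in events if matches(e, groups)]

OR_QUERY = "event_simpleName=ProcessRollup2 FileName=net.exe OR FileName=ipconfig.exe OR FileName=whoami.exe"
AND_QUERY = "event_simpleName=ProcessRollup2 FileName=net.exe AND FileName=ipconfig.exe AND FileName=whoami.exe"

if __name__ == "__main__":
    print([e["FileName"] for e in search(OR_QUERY)])  # ['net.exe', 'ipconfig.exe', 'whoami.exe']
    print(len(search(AND_QUERY)))                      # 0
```

The DnsRequest event for net.exe is excluded, showing that event_simpleName=ProcessRollup2 is ANDed with the whole OR group rather than with only the first alternative.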


Contribute your Thoughts:

Kanisha
3 days ago
I thought AND would work too, but I guess not.
upvoted 0 times
Nickole
8 days ago
Definitely need to use OR for that.
upvoted 0 times
Emile
29 days ago
I definitely recall using OR for similar queries in practice, so I’m leaning towards that as the right choice here.
upvoted 0 times
Justine
1 month ago
I feel like AND could be a possibility, but it seems more likely that we need to include options rather than narrow them down.
upvoted 0 times
Alona
1 month ago
I'm not entirely sure, but I remember practicing a question where we had to combine terms, and I think IN was used there.
upvoted 0 times
Arlene
1 month ago
I think the answer might be OR since we want to include multiple commands in the same query.
upvoted 0 times
