CrowdStrike CCFH-202b Exam - Topic 7 Question 2 Discussion

Actual exam question for CrowdStrike's CCFH-202b exam

Question #: 2
Topic #: 7

The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:

AA zero-day vulnerability is being exploited on a Microsoft Exchange server

BA publicly available web application has been hacked and is causing the lockouts

CUsers are locking their accounts out because they recently changed their passwords

DA password guessing attack is being executed against remote access mechanisms such as VPN

Show Suggested Answer

Suggested Answer: D

A hunting hypothesis is a statement that describes a possible malicious activity that can be tested with data and analysis. A good hunting hypothesis should be specific, testable, and relevant to the problem or goal. In this case, the best hunting hypothesis from the following is that a password guessing attack is being executed against remote access mechanisms such as VPN, as it explains the possible cause and method of the user account lockouts in a specific and testable way. A zero-day vulnerability on a Microsoft Exchange server is too vague and does not explain how it relates to the lockouts. A hacked web application is also too vague and does not specify how it causes the lockouts. Users locking their accounts out because they recently changed their passwords is not a malicious activity and does not account for the increase in calls.

by Veda at Jan 27, 2026, 08:10 AM

Limited Time Offer

25%

1 month ago

Hmm, this is a tricky one. I'm not sure if it's a zero-day vulnerability or a password guessing attack. I'll need to think this through carefully.

upvoted 0 times

...