Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 2 Question 21 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 21
Topic #: 2
[All CCFR-201 Questions]

When reviewing a Host Timeline, which of the following filters is available?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Host Timeline tool allows you to view all events recorded by the sensor for a given host in a chronological order1.The events include process executions, file writes, registry modifications, network connections, user logins, etc1.You can use various filters to narrow down the events based on criteria such as event type, timestamp range, file name, registry key, network destination, etc1.However, there is no filter for severity, user name, or detection ID, as these are not attributes of the events1.


by Ty at Aug 24, 2024, 08:02 AM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Hollis
10 months ago
B) Event Types, no doubt. Unless the exam is trying to make us all look like fools, in which case the answer is probably C) User Name and D) Detection ID. Gotta be ready for those curveballs!
upvoted 0 times
...
Benedict
10 months ago
Hmm, B) Event Types is the obvious choice here. Unless the exam question is trying to trick us, of course. In which case, D) Detection ID it is!
upvoted 0 times
Sophia
9 months ago
Good point, we should consider all options before making a decision.
upvoted 0 times
...
Lashaunda
9 months ago
But what if the question is trying to trick us? Maybe D) Detection ID is the right choice.
upvoted 0 times
...
Laurel
9 months ago
I agree, it's the most common one to look at.
upvoted 0 times
...
Silvana
10 months ago
I think B) Event Types is the best filter to use.
upvoted 0 times
...
...
Judy
11 months ago
I'm going with B) Event Types. I mean, what's the point of a timeline if you can't filter by the actual events, am I right?
upvoted 0 times
...
Donte
11 months ago
A) Severity could be helpful, but B) and C) seem more relevant. This is a tricky one!
upvoted 0 times
Minna
9 months ago
D) Detection ID might be helpful in certain cases, but I think B) Event Types and C) User Name are more important filters to consider.
upvoted 0 times
...
Filiberto
10 months ago
I agree, C) User Name could also provide valuable information when reviewing a Host Timeline.
upvoted 0 times
...
Lenny
10 months ago
I think B) Event Types would be the most useful filter to review a Host Timeline.
upvoted 0 times
...
...
Dwight
11 months ago
I think using the Severity filter can help prioritize the events in the Host Timeline.
upvoted 0 times
...
Lajuana
11 months ago
I believe the User Name filter would be the most useful to narrow down the timeline events.
upvoted 0 times
...
Caitlin
11 months ago
I agree with Wenona, those are the filters you can use when reviewing a Host Timeline.
upvoted 0 times
...
Wenona
11 months ago
I think the filters available are Severity, Event Types, User Name, and Detection ID.
upvoted 0 times
...
Julie
11 months ago
D) Detection ID seems like a bit of a stretch for a Host Timeline. I'd go with B) or C).
upvoted 0 times
...
Shonda
11 months ago
C) User Name would be super useful too, especially for tracking user activity on the system.
upvoted 0 times
Bette
11 months ago
C) User Name is definitely useful for monitoring user activity.
upvoted 0 times
...
Ulysses
11 months ago
A) Severity is important to filter out critical events.
upvoted 0 times
...
...
Shawnee
12 months ago
I think it's definitely B) Event Types. That's the most logical filter for a Host Timeline, right?
upvoted 0 times
Eura
10 months ago
I agree, Event Types is a logical filter to use when analyzing the activity on a host.
upvoted 0 times
...
Emmanuel
11 months ago
I believe it's also possible to filter by Severity and User Name on the Host Timeline.
upvoted 0 times
...
Hillary
11 months ago
Yes, you're correct. Event Types is one of the filters available when reviewing a Host Timeline.
upvoted 0 times
...
...

Save Cancel