CrowdStrike CCFH-202 CrowdStrike Certified Falcon Hunter Online Training
CrowdStrike CCFH-202 Online Training
The questions for CCFH-202 were last updated on Dec 24, 2024.
- Exam Code: CCFH-202
- Exam Name: CrowdStrike Certified Falcon Hunter
- Certification Provider: CrowdStrike
- Latest update: Dec 24, 2024
Which of the following would be the correct field name to find the name of an event?
- A . Event_SimpleName
- B . Event_Simple_Name
- C . EVENT_SIMPLE_NAME
- D . event_simpleName
Which of the following Event Search queries would only find the DNS lookups to the domain www.randomdomain.com?
- A . event_simpleName=DnsRequest DomainName=www.randomdomain.com
- B . event_simpleName=DnsRequest DomainName=randomdomain.com ComputerName=localhost
- C . Dns=randomdomain.com
- D . ComputerName=localhost DnsRequest "randomdomain.com"
How do you rename fields while using transforming commands such as table, chart, and stats?
- A . By renaming the fields with the "rename" command after the transforming command e.g. "stats count by ComputerName | rename count AS total_count"
- B . You cannot rename fields as it would affect sub-queries and statistical analysis
- C . By using the "renamed" keyword after the field name e.g. "stats count renamed totalcount by ComputerName"
- D . By specifying the desired name after the field name e.g. "stats count totalcount by ComputerName"
SPL (Splunk) eval statements can be used to convert Unix times (Epoch) into UTC readable time. Which eval function is correct?
- A . now
- B . typeof
- C . strftime
- D . relative_time
Which of the following queries will return the parent processes responsible for launching badprogram.exe?
- A . [search (ParentProcess) where name=badprogram.exe ] | table ParentProcessName _time
- B . event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename ParentProcessId_decimal AS TargetProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time
- C . [search (ProcessList) where Name=badprogram.exe ] | search ParentProcessName | table ParentProcessName _time
- D . event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename TargetProcessId_decimal AS ParentProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time
You want to produce a list of all event occurrences along with selected fields such as the full path, time, username, etc. Which command would be the appropriate choice?
- A . fields
- B . distinct count
- C . table
- D . values
When exporting the results of the following event search, what data is saved in the exported file (assuming Verbose Mode)? event_simpleName=*Written | stats count by ComputerName
- A . The text of the query
- B . The results of the Statistics tab
- C . No data. Results can only be exported when the "table" command is used
- D . All events in the Events tab
The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:
- A . A zero-day vulnerability is being exploited on a Microsoft Exchange server
- B . A publicly available web application has been hacked and is causing the lockouts
- C . Users are locking their accounts out because they recently changed their passwords
- D . A password guessing attack is being executed against remote access mechanisms such as VPN
To find events that are outliers inside a network, ___________ is the best hunting method to use.
- A . time-based
- B . machine learning
- C . searching
- D . stacking