You want to produce a list of all event occurrences along with selected fields such as the full path, time, username etc. Which command would be the appropriate choice?
A. fields
B. distinct count
C. table
D. values
Answer: C
Explanation: The table command is used to produce a list...
Which of the following queries will return the parent processes responsible for launching badprogram.exe?
A. [search (ParentProcess) where name=badprogram.exe ] | table ParentProcessName _time
B. event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename ParentProcessId_decimal AS TargetProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time
C. [search (ProcessList) where Name=badprogram.exe...
Which field should you reference in order to find the system time of a *FileWritten event?
A. ContextTimeStamp_decimal
B. FileTimeStamp_decimal
C. ProcessStartTime_decimal
D. timestamp
Answer: A
Explanation: ContextTimeStamp_decimal is the field that shows the system time of the event that triggered the sensor to send data to the cloud. In...
Event Search data is recorded with which time zone?
A. PST
B. GMT
C. EST
D. UTC
Answer: D
Explanation: Event Search data is recorded with the UTC (Coordinated Universal Time) time zone. UTC is a standard time zone that is used as a reference point for other time zones. PST...
Which SPL (Splunk) field name can be used to automatically convert Unix times (Epoch) to UTC readable time within the Falcon Event Search?
A. utc_time
B. conv_time
C. _time
D. time
Answer: C
Explanation: _time is the SPL (Splunk) field name that can be used to automatically convert Unix times...
Which of the following is an example of a Falcon threat hunting lead?
A. A routine threat hunt query showing process executions of single letter filename (e.g., a.exe) from temporary directories
B. Security appliance logs showing potentially bad traffic to an unknown external IP address
C. A help desk ticket...
Refer to Exhibit. Falcon detected the above file attempting to execute. At initial glance, what indicators can we use to provide an initial analysis of the file?
A. VirusTotal, Hybrid Analysis, and Google pivot indicator lights enabled
B. File name, path, Local and Global prevalence within the environment
C. File...
The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when which PowerShell Command line parameter is present?
A. -Command
B. -Hidden
C. -e
D. -nop
Answer: A
Explanation: The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when the -Command parameter is...
To find events that are outliers inside a network, ___________ is the best hunting method to use.
A. time-based
B. machine learning
C. searching
D. stacking
Answer: D
Explanation: Stacking (Frequency Analysis) is the best hunting method to use to find events that are outliers inside a network. Stacking involves grouping events...
What Search page would help a threat hunter differentiate testing, DevOps, or general user activity from adversary behavior?
A. Hash Search
B. IP Search
C. Domain Search
D. User Search
Answer: D
Explanation: User Search is a search page that allows a threat hunter to search for user activity across...