CrowdStrike CCFH-202 CrowdStrike Certified Falcon Hunter Exam Exam Practice Test Questions

• Question 1

  What kind of activity does a User Search help you investigate?

  • A history of Falcon Ul logon activity
  • A list of process activity executed by the specified user account
  • A count of failed user logon activity
  • A list of DNS queries by the specified user account

  Show Answer Answer: B Next

• Question 2

  What Investigate tool would you use to allow an analyst to view all events for a specific host?

  • Bulk Timeline
  • Host Search
  • Host Timeline
  • Process Timeline

  Show Answer Answer: C Next

• Question 3

  The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when which PowerShell Command line parameter is present?

  • -Command
  • -Hidden
  • -e
  • -nop

  Show Answer Answer: A Next

• Question 4

  The Process Timeline Events Details table will populate the Parent Process ID and the Parent File columns when the cloudable Event data contains which event field?

  • ContextProcessld_decimal
  • RawProcessld_decimal
  • ParentProcessld_decimal
  • RpcProcessld_decimal

  Show Answer Answer: C Next

• Question 5

  Which SPL (Splunk) field name can be used to automatically convert Unix times (Epoch) to UTC readable time within the Flacon Event Search?

  • Utc_time
  • Conv_time
  • _time
  • Time

  Show Answer Answer: C Next