CrowdStrike CCFH-202 Exam With Confidence Using Practice Dumps

Discovering internet-facing servers is an example of actor actions during the RECONNAISSANCE phase of the Cyber Kill Chain. The RECONNAISSANCE phase is where the adversary researches and identifies targets, vulnerabilities, and attack vectors. Discovering internet-facing servers is a way for the adversary to find potential entry points or weaknesses in the target network.

Reconnaissance and Resource Development are two tactics that are not in the Enterprise: Windows matrix of the MITRE ATT&CK Framework (version 11). These two tactics are part of the PRE-ATT&CK matrix, which covers the actions that adversaries take before compromising a target. The Enterprise: Windows matrix covers the actions that adversaries take after gaining initial access to a Windows system. Persistence, Execution, Impact, Collection, Privilege Escalation, and Initial Access are all tactics that are in the Enterprise: Windows matrix.

Bulk Domain Search is the tool that you should use in Falcon to review a list of domains recently banned by your organization’s acceptable use policy and look for the number of hosts that have visited each domain. Bulk Domain Search is an Investigate tool that allows you to search for multiple domains at once and view their network connection events across all hosts in your environment. It shows information such as domain name, number of hosts visited, number of detections generated, etc. for each domain. Create a custom alert for each domain, Allowed Domain Summary Report, and IP Addresses Search are not tools that you should use for this purpose.