New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium CrowdStrike CCFH-202 Dumps Questions Answers

Page: 1 / 2
Total 60 questions

CrowdStrike Certified Falcon Hunter Questions and Answers

Question 1

To view Files Written to Removable Media within a specified timeframe on a host within the Host Search page, expand and refer to the _______dashboard panel.

Options:

A.

Command Line and Admin Tools

B.

Processes and Services

C.

Registry, Tasks, and Firewall

D.

Suspicious File Activity

Buy Now
Question 2

In the MITRE ATT&CK Framework (version 11 - the newest version released in April 2022), which of the following pair of tactics is not in the Enterprise: Windows matrix?

Options:

A.

Persistence and Execution

B.

Impact and Collection

C.

Privilege Escalation and Initial Access

D.

Reconnaissance and Resource Development

Question 3

Which of the following is the proper method to quantify search results, enabling a hunter to quickly sort and identify outliers?

Options:

A.

Using the "| stats count by" command at the end of a search string in Event Search

B.

Using the "|stats count" command at the end of a search string in Event Search

C.

Using the "|eval" command at the end of a search string in Event Search

D.

Exporting Event Search results to a spreadsheet and aggregating the results

Question 4

You are reviewing a list of domains recently banned by your organization's acceptable use policy. In particular, you are looking for the number of hosts that have visited each domain. Which tool should you use in Falcon?

Options:

A.

Create a custom alert for each domain

B.

Allowed Domain Summary Report

C.

Bulk Domain Search

D.

IP Addresses Search

Question 5

Which of the following best describes the purpose of the Mac Sensor report?

Options:

A.

The Mac Sensor report displays a listing of all Mac hosts without a Falcon sensor installed

B.

The Mac Sensor report provides a detection focused view of known malicious activities occurring on Mac hosts, including machine-learning and indicator-based detections

C.

The Mac Sensor report displays a listing of all Mac hosts with a Falcon sensor installed

D.

The Mac Sensor report provides a comprehensive view of activities occurring on Mac hosts, including items of interest that may be hunting or investigation leads

Question 6

Which tool allows a threat hunter to populate and colorize all known adversary techniques in a single view?

Options:

A.

MISP

B.

OWASP Threat Dragon

C.

OpenXDR

D.

MITRE ATT&CK Navigator

Question 7

Which of the following is an example of actor actions during the RECONNAISSANCE phase of the Cyber Kill Chain?

Options:

A.

Installing a backdoor on the victim endpoint

B.

Discovering internet-facing servers

C.

Emailing the intended victim with a malware attachment

D.

Loading a malicious payload into a common DLL

Question 8

Which structured analytic technique contrasts different hypotheses to determine which is the best leading (prioritized) hypothesis?

Options:

A.

Model hunting framework

B.

Competitive analysis

C.

Analysis of competing hypotheses

D.

Key assumptions check

Question 9

What type of attack would this process tree indicate?

Options:

A.

Brute Forcing Attack

B.

Man-in-the-middle Attack

C.

Phishing Attack

D.

Web Application Attack

Page: 1 / 2
Total 60 questions