Free CCFH-202 Exam Braindumps

In which of the following stages of the Cyber Kill Chain does the actor not interact with the victim endpoint(s)?

  A. Exploitation
  B. Weaponization
  C. Command & control
  D. Installation

Answer(s): B



What information is provided from the MITRE ATT&CK framework in a detection's Execution Details?

  A. Grouping Tag
  B. Command Line
  C. Technique ID
  D. Triggering Indicator

Answer(s): C



You need details about key data fields and sensor events which you may expect to find from hosts running the Falcon sensor. Which documentation should you access?

  A. Events Data Dictionary
  B. Streaming API Event Dictionary
  C. Hunting and Investigation
  D. Event stream APIs

Answer(s): A



The Events Data Dictionary found in the Falcon documentation is useful for writing hunting queries because:

  A. It provides pre-defined queries you can customize to meet your specific threat hunting needs
  B. It provides a list of all the detect names and descriptions found in the Falcon Cloud
  C. It provides a reference of information about the events found in the Investigate > Event Search page of the Falcon Console
  D. It provides a list of compatible Splunk commands used to query event data

Answer(s): C
