Free CCFH-202 Exam Braindumps (page: 11)

Page 10 of 23

Which Falcon documentation guide should you reference to hunt for anomalies related to scheduled tasks and other Windows related artifacts?

  A. Hunting and Investigation
  B. Customizable Dashboards
  C. MITRE-Based Falcon Detections Framework
  D. Events Data Dictionary

Answer(s): A



What topics are presented in the Hunting and Investigation Guide?

  A. Detailed tutorial on writing advanced queries such as sub-searches and joins
  B. Detailed summary of event names, descriptions, and some key data fields for hunting and investigation
  C. Sample hunting queries, select walkthroughs and best practices for hunting with Falcon
  D. Recommended platform configurations and prevention settings to ensure detections are generated for hunting leads

Answer(s): C



Which of the following does the Hunting and Investigation Guide contain?

  A. A list of all event types and their syntax
  B. A list of all event types specifically used for hunting and their syntax
  C. Example Event Search queries useful for threat hunting
  D. Example Event Search queries useful for Falcon platform configuration

Answer(s): C



Which document provides information on best practices for writing Splunk-based hunting queries, predefined queries which may be customized to hunt for suspicious network connections, and predefined queries which may be customized to hunt for suspicious processes?

  A. Real Time Response and Network Containment
  B. Hunting and Investigation
  C. Events Data Dictionary
  D. Incident and Detection Monitoring

Answer(s): B
