CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. CrowdStrike
  5. CCFH-202

Free CCFH-202 Exam Braindumps (page: 2)

Page 1 of 23
PDF with 88 Questions

Which of the following is a suspicious process behavior?

  1. PowerShell running an execution policy of RemoteSigned
  2. An Internet browser (eg., Internet Explorer) performing multiple DNS requests
  3. PowerShell launching a PowerShell script
  4. Non-network processes (e.g., notepad.exe) making an outbound network connection

Answer(s): D



Which field should you reference in order to find the system time of a *FileWritten event?

  1. ContextTimeStamp_decimal
  2. FileTimeStamp_decimal
  3. ProcessStartTime_decimal
  4. timestamp

Answer(s): A



What Search page would help a threat hunter differentiate testing, DevOPs, or general user activity from adversary behavior?

  1. Hash Search
  2. IP Search
  3. Domain Search
  4. User Search

Answer(s): D



An analyst has sorted all recent detections in the Falcon platform to identify the oldest in an effort to determine the possible first victim host. What is this type of analysis called?

  1. Visualization of hosts
  2. Statistical analysis
  3. Temporal analysis
  4. Machine Learning

Answer(s): C






Post your Comments and Discuss CrowdStrike CCFH-202 exam with other Community members:

CCFH-202 Discussions & Posts