Free CCFH-202 Exam Braindumps (page: 3)




Falcon detected the above file attempting to execute. At initial glance, what indicators can we use to provide an initial analysis of the file?

  A. VirusTotal, Hybrid Analysis, and Google pivot indicator lights enabled
  B. File name, path, Local and Global prevalence within the environment
  C. File path, hard disk volume number, and IOC Management action
  D. Local prevalence, IOC Management action, and Event Search

Answer(s): B



A benefit of using a threat hunting framework is that it:

  A. Automatically generates incident reports
  B. Eliminates false positives
  C. Provides high fidelity threat actor attribution
  D. Provides actionable, repeatable steps to conduct threat hunting

Answer(s): D



Which of the following is an example of a Falcon threat hunting lead?

  A. A routine threat hunt query showing process executions of single-letter filenames (e.g., a.exe) from temporary directories
  B. Security appliance logs showing potentially bad traffic to an unknown external IP address
  C. A help desk ticket for a user clicking on a link in an email causing their machine to become unresponsive and have high CPU usage
  D. An external report describing a unique 5-character file extension for ransomware-encrypted files

Answer(s): A



The Falcon Detections page will attempt to decode Encoded PowerShell Command line parameters when which PowerShell Command line parameter is present?

  A. -Command
  B. -Hidden
  C. -e
  D. -nop

Answer(s): C





