Free CCFH-202 Exam Braindumps (page: 5)


Which of the following Event Search queries would only find the DNS lookups to the domain: www.randomdomain.com?

  A. event_simpleName=DnsRequest DomainName=www.randomdomain.com
  B. event_simpleName=DnsRequest DomainName=randomdomain.com ComputerName=localhost
  C. Dns=randomdomain.com
  D. ComputerName=localhost DnsRequest "randomdomain.com"

Answer(s): A



How do you rename fields while using transforming commands such as table, chart, and stats?

  A. By renaming the fields with the "rename" command after the transforming command, e.g. "stats count by ComputerName | rename count AS total_count"
  B. You cannot rename fields, as it would affect sub-queries and statistical analysis
  C. By using the "renamed" keyword after the field name, e.g. "stats count renamed totalcount by ComputerName"
  D. By specifying the desired name after the field name, e.g. "stats count totalcount by ComputerName"

Answer(s): D



SPL (Splunk) eval statements can be used to convert Unix times (Epoch) into UTC readable time. Which eval function is correct?

  A. now
  B. typeof
  C. strftime
  D. relative_time

Answer(s): C



Which of the following queries will return the parent processes responsible for launching badprogram.exe?

  A. [search (ParentProcess) where name=badprogram.exe ] | table ParentProcessName _time
  B. event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename ParentProcessId_decimal AS TargetProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time
  C. [search (ProcessList) where Name=badprogram.exe ] | search ParentProcessName | table ParentProcessName _time
  D. event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename TargetProcessId_decimal AS ParentProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time

Answer(s): B
