Free CCFH-202 Exam Braindumps (page: 7)


Which of the following is a way to create event searches that run automatically and recur on a schedule that you set?

  A. Workflows
  B. Event Search
  C. Scheduled Searches
  D. Scheduled Reports

Answer(s): C



Which of the following is a recommended technique to find unique outliers among a set of data in the Falcon Event Search?

  A. Hunt-and-Peck Search Methodology
  B. Stacking (Frequency Analysis)
  C. Time-based Searching
  D. Machine Learning

Answer(s): B



Adversaries commonly execute discovery commands such as net.exe, ipconfig.exe, and whoami.exe. Rather than query for each of these commands individually, you would like to use a single query with all of them. What Splunk operator is needed to complete the following query?

    aid=my-aid event_simpleName=ProcessRollup2 (FileName=net.exe __________ FileName=ipconfig.exe _________ FileName=whoami.exe) | table ComputerName UserName FileName CommandLine

  A. OR
  B. IN
  C. NOT
  D. AND

Answer(s): A



You would like to search for ANY process execution that used a file stored in the Recycle Bin on a Windows host. Select the option to complete the following EAM query.

    aid=my-aid ImageFileName=________ event_simpleName=ProcessRollup2

  A. *$Recycle.Bin^
  B. *$Recycle.Bin*
  C. ^$Recycle.Bin*
  D. ^$Recycle.Bin%

Answer(s): B
