Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home CrowdStrike CCFH-202

CrowdStrike CCFH-202 Exam Practice Questions (P. 4)

  • Full Access (88 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #16
Which of the following queries will return the parent processes responsible for launching badprogram.exe?
  1. A
    [search (ParentProcess) where name=badprogram.exe ] | table ParentProcessName _time
  2. B
    event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename ParentProcessId_decimal AS TargetProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time
  3. C
    [search (ProcessList) where Name=badprogram.exe ] | search ParentProcessName | table ParentProcessName _time
  4. D
    event_simpleName=processrollup2 [search event_simpleName=processrollup2 FileName=badprogram.exe | rename TargetProcessId_decimal AS ParentProcessId_decimal | fields aid TargetProcessId_decimal] | stats count by FileName _time

Correct Answer:
C

Question #17
You want to produce a list of all event occurrences along with selected fields such as the full path, time, username etc. Which command would be the appropriate choice?
  1. A
    fields
  2. B
    distinctcount
  3. C
    table
  4. D
    values

Correct Answer:
C

Question #18
When exporting the results of the following event search, what data is saved in the exported file (assuming Verbose Mode)? event_simpleName=*Written | stats count by ComputerName
  1. A
    The text of the query
  2. B
    The results of the Statistics tab
  3. C
    No data. Results can only be exported when the “table” command is used
  4. D
    All events in the Events tab

Correct Answer:
B

Question #19
The help desk is reporting an increase in calls related to user accounts being locked out over the last few days. You suspect that this could be an attack by an adversary against your organization. Select the best hunting hypothesis from the following:
  1. A
    A zero-day vulnerability is being exploited on a Microsoft Exchange server
  2. B
    A publicly available web application has been hacked and is causing the lockouts
  3. C
    Users are locking their accounts out because they recently changed their passwords
  4. D
    A password guessing attack is being executed against remote access mechanisms such as VPN

Correct Answer:
D

Question #20
To find events that are outliers inside a network, ___________is the best hunting method to use.
  1. A
    time-based
  2. B
    machine learning
  3. C
    searching
  4. D
    stacking

Correct Answer:
C

Previous Questions Next Questions

All Pages