CCFH-202 Practice Test Questions – CrowdStrike Certified Falcon Hunter

If you are interested in becoming a CrowdStrike Certified Falcon Hunter, PassQuestion provides the latest and most accurate CCFH-202 practice test questions that cover all the topics and objectives of the real exam. PassQuestion CCFH-202 practice test questions are written by experts who have years of experience in the cybersecurity field and know what it takes to pass the CCFH exam. PassQuestion CCFH-202 practice test questions are also updated regularly to reflect the changes in the exam content and format. By using PassQuestion CCFH-202 practice test questions, you can get a clear idea of what to expect on the actual exam and how to answer the questions correctly and efficiently.

What is CrowdStrike Certified Falcon Hunter (CCFH)?

The CCFH certification is ideal for the investigative analyst who performs deeper detection analysis and response as well as machine timelining and event-related search queries, insider-threat-related investigations, and proactive investigations (threat hunting).

The CCFH exam is the final step toward the completion of CCFH certification, which is one of the three certifications offered by CrowdStrike University. The other two certifications are CrowdStrike Certified Falcon Administrator (CCFA) and CrowdStrike Certified Falcon Responder (CCFR). To prepare for the CCFH exam, you need to have hands-on experience with the Falcon platform and be familiar with the Splunk Search Processing Language (SPL). This exam evaluates a candidate’s knowledge, skills and abilities to effectively respond to a detection within the CrowdStrike Falcon console and Investigate app, use queries and automated reports to assist in machine auditing and proactive investigation, and perform search queries using the Splunk syntax.

A successful CrowdStrike Certified Falcon Hunter:
Understands all aspects of detection investigation
Navigates among and uses multiple views in the Falcon console to perform automated queries such as IP and Domain searches and time-lining using Splunk event searching
Understands event data structure and relationships
Conducts simple and intermediate search queries using Splunk Search Processing Language (SPL)

The CCFH exam is a 90-minute, 60-question assessment. This exam passed several rounds of editing by both technical and non-technical experts and has been tested by a wide variety of candidates.

Exam Topics

1.0 Attack Frameworks
2.0 Detection Analysis
3.0 Search Tools
4.0 Event Search
5.0 Reports
6.0 Hunting Analytics
7.0 Hunting Methodology
8.0 Documentation

View Online CrowdStrike Certified Falcon Hunter CCFH-202 Free Questions

1. Which field in a DNS Request event points to the responsible process?
A.ContextProcessId_readable
B.TargetProcessId_decimal
C.ContextProcessId_decimal
D.ParentProcessId_decimal
Answer: A

2. You are reviewing a list of domains recently banned by your organization’s acceptable use policy. In particular, you are looking for the number of hosts that have visited each domain. Which tool should you use in Falcon?
A.Create a custom alert for each domain
B.Allowed Domain Summary Report
C.Bulk Domain Search
D.IP Addresses Search
Answer: C

3. What information is shown in Host Search?
A.Quarantined Files
B.Prevention Policies
C.Intel Reports
D.Processes and Services
Answer: D

4. When performing a raw event search via the Events search page, what are Event Actions?
A.Event Actions contains an audit information log of actions an analyst took in regards to a specific detection
B.Event Actions contains the summary of actions taken by the Falcon sensor, such as quarantining a file, preventing a process from executing, or taking no action and creating a detection only
C.Event Actions are pivotable workflows including connecting to a host, pre-made event searches and pivots to other investigatory pages such as host search
D.Event Actions is the field name that contains the event name defined in the Events Data Dictionary such as ProcessRollup, SyntheticProcessRollup, DNS request, etc
Answer: C

5. What information is provided when using IP Search to look up an IP address?
A.Both internal and external IPs
B.Suspicious IP addresses
C.External IPs only
D.Internal IPs only
Answer: C

6. What kind of activity does a User Search help you investigate?
A.A history of Falcon UI logon activity
B.A list of process activity executed by the specified user account
C.A count of failed user logon activity
D.A list of DNS queries by the specified user account
Answer: B