CrowdStrike Exam CCFH-202 Topic 9 Question 33 Discussion

Actual exam question for CrowdStrike's CCFH-202 exam

Question #: 33
Topic #: 9

[All CCFH-202 Questions]

What information is provided from the MITRE ATT&CK framework in a detection's Execution Details?

AGrouping Tag

BCommand Line

CTechnique ID

DTriggering Indicator

Show Suggested Answer

Suggested Answer: B

User Search is an Investigate tool that helps you investigate a list of process activity executed by the specified user account. It shows information such as process name, command line, parent process name, parent command line, etc. for each process that was executed by the user account on any host in your environment. It does not show a history of Falcon UI logon activity, a count of failed user logon activity, or a list of DNS queries by the specified user account.

by Clay at Oct 21, 2024, 12:26 PM

Limited Time Offer

25%

Off

Get Premium CCFH-202 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Francine

3 days ago

I think the information provided includes Technique ID.

upvoted 0 times

...