BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CrowdStrike Exam CCFR-201 Topic 2 Question 21 Discussion

Actual exam question for CrowdStrike's CCFR-201 exam
Question #: 21
Topic #: 2
[All CCFR-201 Questions]

When reviewing a Host Timeline, which of the following filters is available?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to theCrowdStrike Falcon Devices Add-on for Splunk Installation and Configuration Guide v3.1.5+, the Host Timeline tool allows you to view all events recorded by the sensor for a given host in a chronological order1.The events include process executions, file writes, registry modifications, network connections, user logins, etc1.You can use various filters to narrow down the events based on criteria such as event type, timestamp range, file name, registry key, network destination, etc1.However, there is no filter for severity, user name, or detection ID, as these are not attributes of the events1.


by Ty at Aug 24, 2024, 08:02 AM

Limited Time Offer

25%

Off

Get Premium CCFR-201 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Hollis
1 months ago
B) Event Types, no doubt. Unless the exam is trying to make us all look like fools, in which case the answer is probably C) User Name and D) Detection ID. Gotta be ready for those curveballs!
upvoted 0 times
...
Benedict
1 months ago
Hmm, B) Event Types is the obvious choice here. Unless the exam question is trying to trick us, of course. In which case, D) Detection ID it is!
upvoted 0 times
Laurel
2 days ago
I agree, it's the most common one to look at.
upvoted 0 times
...
Silvana
22 days ago
I think B) Event Types is the best filter to use.
upvoted 0 times
...
...
Judy
1 months ago
I'm going with B) Event Types. I mean, what's the point of a timeline if you can't filter by the actual events, am I right?
upvoted 0 times
...
Donte
1 months ago
A) Severity could be helpful, but B) and C) seem more relevant. This is a tricky one!
upvoted 0 times
Minna
12 days ago
D) Detection ID might be helpful in certain cases, but I think B) Event Types and C) User Name are more important filters to consider.
upvoted 0 times
...
Filiberto
14 days ago
I agree, C) User Name could also provide valuable information when reviewing a Host Timeline.
upvoted 0 times
...
Lenny
23 days ago
I think B) Event Types would be the most useful filter to review a Host Timeline.
upvoted 0 times
...
...
Dwight
2 months ago
I think using the Severity filter can help prioritize the events in the Host Timeline.
upvoted 0 times
...
Lajuana
2 months ago
I believe the User Name filter would be the most useful to narrow down the timeline events.
upvoted 0 times
...
Caitlin
2 months ago
I agree with Wenona, those are the filters you can use when reviewing a Host Timeline.
upvoted 0 times
...
Wenona
2 months ago
I think the filters available are Severity, Event Types, User Name, and Detection ID.
upvoted 0 times
...
Julie
2 months ago
D) Detection ID seems like a bit of a stretch for a Host Timeline. I'd go with B) or C).
upvoted 0 times
...
Shonda
2 months ago
C) User Name would be super useful too, especially for tracking user activity on the system.
upvoted 0 times
Bette
2 months ago
C) User Name is definitely useful for monitoring user activity.
upvoted 0 times
...
Ulysses
2 months ago
A) Severity is important to filter out critical events.
upvoted 0 times
...
...
Shawnee
2 months ago
I think it's definitely B) Event Types. That's the most logical filter for a Host Timeline, right?
upvoted 0 times
Eura
1 months ago
I agree, Event Types is a logical filter to use when analyzing the activity on a host.
upvoted 0 times
...
Emmanuel
2 months ago
I believe it's also possible to filter by Severity and User Name on the Host Timeline.
upvoted 0 times
...
Hillary
2 months ago
Yes, you're correct. Event Types is one of the filters available when reviewing a Host Timeline.
upvoted 0 times
...
...

Save Cancel