With Custom Alerts you are able to configure email alerts using predefined templates so you're notified about specific activity in your environment. Which of the following outlines the steps required to properly create a custom alert rule?
These are the steps required to properly create a custom alert rule. Custom Alerts are a feature that allows you to configure email alerts using predefined templates so you're notified about specific activity in your environment. You can choose from various templates that cover different use cases, such as suspicious PowerShell activity, network connections to risky countries, etc. You can also preview the search results of the template before scheduling the alert. You do not need to create the query for the alert, set up the email template for the alert, or create a new custom template, as these are already provided by the predefined templates.
Where would an analyst find information about shells spawned by root, Kernel Module loads, and wget/curl usage?
The Linux Sensor report is where an analyst would find information about shells spawned by root, kernel module loads, and wget/curl usage. The Linux Sensor report is a predefined report that provides a summary view of selected activities on Linux hosts. It shows information such as process execution events, network connection events, file write events, etc. that occurred on Linux hosts within a specified time range. The Sensor Health report, the Sensor Policy Daily report, and the Mac Sensor report do not provide the same information.
What information is provided when using IP Search to look up an IP address?
IP Search is an Investigate tool that allows you to look up information about external IPs only. It shows information such as geolocation, network connection events, detection history, etc. for each external IP address that has communicated with your hosts. It does not show information about internal IPs, suspicious IPs, or both internal and external IPs.
Which of the following is a way to create event searches that run automatically and recur on a schedule that you set?
Scheduled Searches are a way to create event searches that run automatically and recur on a schedule that you set. You can use Scheduled Searches to monitor your environment for specific conditions or patterns, generate reports or alerts, or enrich your data with additional fields or tags. Workflows, Event Search, and Scheduled Reports are not ways to create event searches that run automatically and recur on a schedule.