CrowdStrike Certified Falcon Hunter (CCFH-202) Free Practice Test

Question 1

To find events that are outliers inside a network,___________is the best hunting method to use.

A. machine learning

B. searching

C. stacking

D. time-based

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

What elements are required to properly execute a Process Timeline?

A. Hostname and Local Process ID

B. Agent ID (AID) only

C. Target Process ID only

D. Agent ID (AID) and Target Process ID

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Which pre-defined reports offer information surrounding activities that typically indicate suspicious activity occurring on a system?

A. Hunt reports

B. Sensor reports

C. Timeline reports

D. Scheduled searches

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which Falcon documentation guide should you reference to hunt for anomalies related to scheduled tasks and other Windows related artifacts?

A. Customizable Dashboards

B. Hunting and Investigation

C. Events Data Dictionary

D. MITRE-Based Falcon Detections Framework

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

When exporting the results of the following event search, what data is saved in the exported file (assuming Verbose Mode)? event_simpleName=*Written | stats count by ComputerName

A. All events in the Events tab

B. No data Results can only be exported when the "table" command is used

C. The results of the Statistics tab

D. The text of the query

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

You want to produce a list of all event occurrences along with selected fields such as the full path, time, username etc. Which command would be the appropriate choice?

A. values

B. distinct count

C. table

D. fields

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

With Custom Alerts you are able to configure email alerts using predefined templates so you're notified about specific activity in your environment. Which of the following outlines the steps required to properly create a custom alert rule?

A. Choose the template you would like to configure, setup how often you would like the alert to run, and then schedule the alert

B. Create the query for the alert, setup the email template for the alert, and then set the schedule for the alert

C. Create a new custom template, configure the email template, and then create the custom query for the alert

D. Choose the template you would like to configure, preview the search results, and then schedule the alert

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

CrowdStrike Certified Falcon Hunter (CCFH-202) Free Practice Test